Deploying the System Center Operations Manager Linux Agent fails with "The certificate Common Name (CN) does not match"

Symptoms

Attempting to deploy the System Center Operations Manager Linux Agent to a Red Hat server fails.  In this scenario you receive the error below while discovering and deploying the agent:

The certificate Common Name (CN) does not match. Please resolve the issue, and then run

The server certificate on the destination computer (<Redhat machine name>) has the following errors:   
The SSL certificate is signed by an unknown certificate authority. 
The SSL certificate contains a common name (CN) that does not match the hostname.    
For additional help on this error please go to ....

Cause

This can occur for either of the following reasons:

  • Certificates may not be valid as the reporting server may have been changed
  • The certificate contains an incorrect host name

Resolution

To resolve this issue, complete the steps below:

1. Remove the existing contents of the agent directory on the server and reinstall the agent RPM
2. Generate the certificate, making sure to use the correct host name: "/opt/Microsoft/scx/bin/tools/scssslconfig –f –h <hostname>"
3. Check the status of the certificate: "openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer -dates"
4. Discover the agent from the console and sign the invalid certificate without SSH

Properties

Article ID: 2651766 - Last Review: Jul 9, 2012 - Revision: 1

Feedback