Security

Hi,

I reinstalled the database certificate to 2000 days with self-signed. After that, the log event of the following message continues to occur.




"
Failed to verify the Database Server Certificate of host 100.1.0.10. After updating and installing the server certificate a server reboot is required. The server certificate should contain the IP address as part of the subject, such as CN = 100.1.0.10, or as a subject alternative name (SAN), such as DNS: 100.1.0.10. If the server certificate is CA signed then this host should have the CA certificate chain that signed the server certificate in the Trust List.
User: avendatomcat"

Even if I change it to a public certificate, the symptoms are the same, and the same event continues to occur even if I create it with IP and DNS information in CN and SAN normally.

What's the problem?

Watching this topic as I have the same issue.
Original Message:
Sent: Jul 11, 2022 04:26 AM
From: Taemin Oh
Subject: ClearPass 6.9.11 : TipsDb ERROR Database Server Certificate

Hi,

I reinstalled the database certificate to 2000 days with self-signed. After that, the log event of the following message continues to occur.




"
Failed to verify the Database Server Certificate of host 100.1.0.10. After updating and installing the server certificate a server reboot is required. The server certificate should contain the IP address as part of the subject, such as CN = 100.1.0.10, or as a subject alternative name (SAN), such as DNS: 100.1.0.10. If the server certificate is CA signed then this host should have the CA certificate chain that signed the server certificate in the Trust List.
User: avendatomcat"

Even if I change it to a public certificate, the symptoms are the same, and the same event continues to occur even if I create it with IP and DNS information in CN and SAN normally.

What's the problem?

I would recommend opening a TAC case.  Database operations can be very dangerous and can easily lead to a non-functioning ClearPass deployment.  Also what is your reason for changing the database certificate?  Aruba typically doesn't recommend it.  The only reason to change it (arguably) is to satisfy a security audit.
Original Message:
Sent: Jul 11, 2022 04:26 AM
From: Taemin Oh
Subject: ClearPass 6.9.11 : TipsDb ERROR Database Server Certificate

Hi,

I reinstalled the database certificate to 2000 days with self-signed. After that, the log event of the following message continues to occur.




"
Failed to verify the Database Server Certificate of host 100.1.0.10. After updating and installing the server certificate a server reboot is required. The server certificate should contain the IP address as part of the subject, such as CN = 100.1.0.10, or as a subject alternative name (SAN), such as DNS: 100.1.0.10. If the server certificate is CA signed then this host should have the CA certificate chain that signed the server certificate in the Trust List.
User: avendatomcat"

Even if I change it to a public certificate, the symptoms are the same, and the same event continues to occur even if I create it with IP and DNS information in CN and SAN normally.

What's the problem?

I solved it.

Log in to the CLI

I used the "system reset-server-certificate" command.

And after resetting the database certificate
Policy manager restarted

The error message no longer appears in the Event.
Original Message:
Sent: Jul 11, 2022 04:26 AM
From: Taemin Oh
Subject: ClearPass 6.9.11 : TipsDb ERROR Database Server Certificate

Hi,

I reinstalled the database certificate to 2000 days with self-signed. After that, the log event of the following message continues to occur.




"
Failed to verify the Database Server Certificate of host 100.1.0.10. After updating and installing the server certificate a server reboot is required. The server certificate should contain the IP address as part of the subject, such as CN = 100.1.0.10, or as a subject alternative name (SAN), such as DNS: 100.1.0.10. If the server certificate is CA signed then this host should have the CA certificate chain that signed the server certificate in the Trust List.
User: avendatomcat"

Even if I change it to a public certificate, the symptoms are the same, and the same event continues to occur even if I create it with IP and DNS information in CN and SAN normally.

What's the problem?

Is there any effect after the reset?

As @ahollifield said, it looks hazardous to do.

------------------------------
Give me a Kudo when it is useful.

Ratchapas
https://www.facebook.com/Aruba-News-Update-1401095559960142
------------------------------

Original Message:
Sent: Jul 11, 2022 09:21 PM
From: Taemin.Oh
Subject: ClearPass 6.9.11 : TipsDb ERROR Database Server Certificate

I solved it.

Log in to the CLI

I used the "system reset-server-certificate" command.

And after resetting the database certificate
Policy manager restarted

The error message no longer appears in the Event.
Original Message:
Sent: Jul 11, 2022 04:26 AM
From: Taemin Oh
Subject: ClearPass 6.9.11 : TipsDb ERROR Database Server Certificate

Hi,

I reinstalled the database certificate to 2000 days with self-signed. After that, the log event of the following message continues to occur.




"
Failed to verify the Database Server Certificate of host 100.1.0.10. After updating and installing the server certificate a server reboot is required. The server certificate should contain the IP address as part of the subject, such as CN = 100.1.0.10, or as a subject alternative name (SAN), such as DNS: 100.1.0.10. If the server certificate is CA signed then this host should have the CA certificate chain that signed the server certificate in the Trust List.
User: avendatomcat"

Even if I change it to a public certificate, the symptoms are the same, and the same event continues to occur even if I create it with IP and DNS information in CN and SAN normally.

What's the problem?

Here is the documentation for that command. If you reset one or more certificates, you likely will need to update them after you regained access.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jan 02, 2025 10:44 PM
From: Sisant
Subject: ClearPass 6.9.11 : TipsDb ERROR Database Server Certificate

Is there any effect after the reset?

As @ahollifield said, it looks hazardous to do.

------------------------------
Give me a Kudo when it is useful.

Ratchapas
https://www.facebook.com/Aruba-News-Update-1401095559960142

Original Message:
Sent: Jul 11, 2022 09:21 PM
From: Taemin.Oh
Subject: ClearPass 6.9.11 : TipsDb ERROR Database Server Certificate

I solved it.

Log in to the CLI

I used the "system reset-server-certificate" command.

And after resetting the database certificate
Policy manager restarted

The error message no longer appears in the Event.
Original Message:
Sent: Jul 11, 2022 04:26 AM
From: Taemin Oh
Subject: ClearPass 6.9.11 : TipsDb ERROR Database Server Certificate

Hi,

I reinstalled the database certificate to 2000 days with self-signed. After that, the log event of the following message continues to occur.




"
Failed to verify the Database Server Certificate of host 100.1.0.10. After updating and installing the server certificate a server reboot is required. The server certificate should contain the IP address as part of the subject, such as CN = 100.1.0.10, or as a subject alternative name (SAN), such as DNS: 100.1.0.10. If the server certificate is CA signed then this host should have the CA certificate chain that signed the server certificate in the Trust List.
User: avendatomcat"

Even if I change it to a public certificate, the symptoms are the same, and the same event continues to occur even if I create it with IP and DNS information in CN and SAN normally.

What's the problem?