4 Replies Latest reply on Jun 11, 2009 2:44 PM by Bill Robinson

    Certificate Question

    young so


      Application Server does not have console installed.  (i.e. no authenticationProfiles.xml or local certificate)

      There is no NSH Proxy.

      The Client GUI (Configuration Manager) is installed on the user's desktop.



      How do I generate a certificate for the Application server to use blcred?

      How do I have the user's desktop authenticate NSH without Proxy?

        • 1. Re: Certificate Question
          Bill Robinson

          Which certificate are you trying to generate - the one that encrypts the communication between the client and the appserver (one should have been generated during install) ?


          You can't authenticate NSH w/o the NSH Proxy.


          You can create entries in the users.local files on the target agents for the username of the client system username - so if you login to your desktop w/ 'youngso' you could add a line like:


          youngso rw,map=root in the users.local file on the target agent.

          then you can cd to the target from your desktop (assuming the network path is clear and the exports file allows the connection)

          • 2. Re: Certificate Question
            young so

            I would like to generate a certificate on the user desktop to authenticate with the application server using NSH.  Please keep in mind that there is no agent installed on the user's desktop. So, within NSH, I run blcred cred -acquire -profile to authenticate the NSH shell.  Then I could manage all endpoints without being at the application server.


            Modifying the user.local file didn't work for me.  When I did cd \\machinename, it (the machine) refused the connection.

            • 3. Re: Certificate Question
              Bill Robinson

              Without the nsh proxy, you can't authenticate NSH.  You can run blcred and get credentials but they won't be used by NSH unless you configure the client to use the NSH proxy.


              What's in the exports file on the target system, and what's in the rscd.log on the target when you get rejected?

              • 4. Re: Certificate Question
                Bill Robinson

                If you want to manage your hosts over nsh w/o the appserver (this was how version 4 of BladeLogic worked) you should only need to make sure:


                -exports file on your target(s) allow connections from your client system or * eg:

                * rw


                <client ip> rw


                -in the users or users.local file you have an entry for the client OS user like:

                youngso  rw,map=root


                and you should be able to cd to the machine like

                cd //<target server>


                this also assumes the client system can talk to 4750/tcp on the target (eg no firewalls blocking access)


                if that fails, you should look in the rscd.log on the target system and see why you are denied.
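
An added example, not part of the original posts or BMC's own tooling: a small audit of the exports and users.local entries quoted in this thread, reporting which grants are effectively open to any host. The line format (a subject followed by comma-separated options, with `#` starting a comment) is an assumption based on the entries shown above, and the sample file contents are constructed.

```python
# Added example: review RSCD-style exports / users.local text for broad grants.
# Assumed format (from the entries quoted in the thread):
#   <host-or-user> <comma-separated options>   ('#' starts a comment, assumed)

def parse_acl(text):
    """Return (lineno, subject, options) for every non-empty entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 1)
        opts = fields[1] if len(fields) > 1 else ""
        options = [o.strip() for o in opts.split(",") if o.strip()]
        entries.append((lineno, fields[0], options))
    return entries

def review(exports_text, users_text):
    """List findings for wildcard read-write exports and root mappings."""
    findings = []
    wildcard_rw = [n for n, host, opts in parse_acl(exports_text)
                   if host == "*" and "rw" in opts]
    for n in wildcard_rw:
        findings.append(f"exports:{n}: any host is allowed read-write access")
    for n, user, opts in parse_acl(users_text):
        if "map=root" in opts:
            # The mapping is only as narrow as the exports file makes it.
            scope = "any host" if wildcard_rw else "listed hosts only"
            findings.append(
                f"users.local:{n}: client user '{user}' is mapped to root ({scope})")
    return findings

# Constructed sample contents (192.0.2.10 is a documentation address).
SAMPLE_EXPORTS = """\
# constructed sample
*            rw
192.0.2.10   rw
"""
SAMPLE_USERS = """\
# constructed sample
youngso  rw,map=root
operator rw
"""

if __name__ == "__main__":
    for finding in review(SAMPLE_EXPORTS, SAMPLE_USERS):
        print(finding)
```
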