3 Replies Latest reply on May 18, 2012 2:19 PM by Bill Robinson

    why does batch blcred require I accept a certificate (which I can't since it's batch)?

      Yeah, the short answer to the question is "Security, stupid" but here's the thing...


      I'm attempting to run some blcli remotely (not via nsh).  For some reason, when I try to acquire credentials, my script fails because I'm being prompted to accept the certificate from my application server.


      All I'm trying to do is this:

      blcred cred -acquire -profile BAA -i C:/docume~1/harscm/applic~1/BladeLogic/user_info.dat


      Log of the output of the script shows repeated timeouts awaiting a simple "yes":


      Do you want to accept the following X509 certificate from "service:authsvc.bladelogic:blauth://fl1m-dom-ap08v:9840"?




      The stupid thing (actually there are two):

      1)  If when I run that script I happen to be logged in (in an mstsc session) to the app server, the script acquires credentials fine.  Log out and it goes immediately back to prompting.  So somewhere in the windows login it seems to be implicitly accepting the cert but only for the life of that windows session.  Persisting that would be great.

      2) We use Atrium Orchestrator as well.  In the configuration for the blade adapter, it has entries apparently anticipating this very problem:



      So AO seems to be playing "stimulus|response" fine, but there doesn't seem to be an equivalent in blcli