4 Replies Latest reply on Jul 9, 2014 5:46 AM by Santhosh Kurimilla

    Credentials and certificate help

      Hey all,


      I got tasked with making an import process, well, refining our import process for bringing systems online in BladeLogic. I have a Windows service I wrote sitting on my app server and it watches for the new systems to come online in our environment via my client that runs on the other end. During testing I noticed that if I make the Windows service run as my current user it works perfectly, but running as a LocalSystem user - not so much. I wrote in my log that it is getting hung on a question, as below:


      "Do you want to accept the following X509 certificate from "service:authsvc.bladelogic:blauth://NLVBLAPP2:9840"?" - failure: Cannot connect to "service:authsvc.bladelogic:blauth://NLVBLAPP2:9840" - No trusted certificate found"


      To me, and I am no expert, it appears that the certificate needs to be added to the certificate store. I am using the service to execute BLCLI addServer. I am acquiring session credentials prior to any decommission / addServer commands. Like I said, if I am using my service as the logon user it works great. The problem is that I need to move this from my user from testing to a more permanent user or use the LocalSystem user account.


      Any thoughts?

        • 1. Re: Credentials and certificate help
          Bill Robinson

          You need to accept the certificate from the appserver – it goes into a file in the user’s home dir, not the OS’s keystore.


          I think you can do like:


          Echo y | blcred cred -acquire blah blah


          And it will accept the cert.

          • 2. Re: Credentials and certificate help

            I got to thinking about it after you posted Mr. Bill, and I think maybe going about it with the LocalSystem account is a bad idea all around. When I ran blcred cred -list I noticed my user had the associated authentication profiles listed as well. Since I am executing BLCLI commands with this user to add these systems I will need to be authenticated to execute them. I am wondering if I shouldn't have another user added, set a password, check password never expires, and use it as a user service account. Then I would just need to blcred cred -acquire -profile PRODBL -username xxxx -password xxxxxxx as I originally intended. This same method I used for testing worked like a champ, this would somewhat emulate it.



            I think. :/

            • 3. Re: Credentials and certificate help

              Well... No, that was actually the easiest way to do it Mr. Bill. I had the code in place, adding the Echo Y| worked. I saw the usage for doing that same thing to a remote system to execute BLCLI from Control-M but not like I am trying to use it... and I don't have to involve our infrastructure team or change management processes to add a friggen user account. Thank you.

              • 4. Re: Credentials and certificate help
                Santhosh Kurimilla

                One correction here:

                When we are accepting the certifications with echo y, it is still failing.

                If we use echo yes only, it is successful.
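
As an added example (not code from any poster in this thread, and not the vendor's), this Python block shows one way a service could feed the answer to the certificate prompt without ever hanging on it, and record when a certificate was auto-accepted so the event can be logged and reviewed. `run_with_answer` and the stand-in `FAKE_BLCRED` command are hypothetical; the stand-in's output is constructed from the log line quoted in the question and replaces the real `blcred` call so the block runs offline.

```python
import subprocess
import sys

CERT_PROMPT = "Do you want to accept the following X509 certificate"
CERT_FAILURE = "No trusted certificate found"

# Constructed stand-in for the real credential command (assumption: it
# mimics the thread, where only the full word "yes" is accepted).
_FAKE = (
    "import sys\n"
    "print('Do you want to accept the following X509 certificate "
    "from \"service:authsvc.bladelogic:blauth://APPSERVER:9840\"?')\n"
    "if sys.stdin.readline().strip() != 'yes':\n"
    "    print('failure: Cannot connect - No trusted certificate found')\n"
    "    sys.exit(1)\n"
    "print('credential acquired')\n"
)
FAKE_BLCRED = [sys.executable, "-c", _FAKE]


def run_with_answer(cmd, answer="yes", timeout=30):
    """Run cmd with `answer` on stdin; never block on an unanswered prompt.

    Returns (status, output); status is one of 'ok', 'cert_prompt_accepted',
    'cert_untrusted', 'error' or 'timeout'.
    """
    try:
        proc = subprocess.run(
            cmd, input=answer + "\n", text=True, timeout=timeout,
            stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
        )
    except subprocess.TimeoutExpired as exc:
        out = exc.output or ""
        if isinstance(out, bytes):  # partial output may arrive undecoded
            out = out.decode(errors="replace")
        return "timeout", out
    out = proc.stdout
    if CERT_FAILURE in out:
        return "cert_untrusted", out
    if proc.returncode != 0:
        return "error", out
    # A prompt that was answered means a certificate was trusted without
    # review; surface it so the service can write it to its log.
    return ("cert_prompt_accepted" if CERT_PROMPT in out else "ok"), out


if __name__ == "__main__":
    for answer in ("y", "yes"):
        print(answer, "->", run_with_answer(FAKE_BLCRED, answer)[0])
```
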