cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1190
Views
0
Helpful
9
Replies

UPM - no SSL?

Jon Nelson
Level 3
Level 3

Is it possible to SSL enable UPM? If not, this is a gating issue and a non-starter in most of my customer environments and our own internal environment. Usernames and passwords are not allowed to be sent in the clear on production systems.

Thanks,

Jon

9 Replies 9

Jon Nelson
Level 3
Level 3

Looks like SSL can be enabled based on the QSG posted to CCO. I will test the configuration and report back my findings.

Thanks,

Jon

Jon Nelson
Level 3
Level 3

Can this file, OpenSSL0.9.8s-Linux_P90X.zip, please be uploaded to File Exchange? The QSG on CCO mentions it, but I can't seem to find it on cisco.com anywhere.

Thanks,

Jon

Jon,

Will get this posted on File exchange and respond back.

Thanks,

Sunil

I attempted to access the File Exchange but it replies with no access rights. Can I be added to the list of users? I would also like to download the OpenSSL0.9.8s-Linux_P90X.zip file for setting up SSL.

Alternatively, does the Self-Help portal work without https at all? Will not come up by standard installation and can only access the user pages through logging in as pmadmin at the normal management interface then selecting the user and going to Personal Settings. Attempts to access the page outside of the admin login or by attempting to log in with the user name fails.

Regards,

DJ

DJ,

I responded to you seperately over an email. Regarding end user not being able to use self care, Can you make sure that you gave them self care acess in the first place? Please take a look at user management page.

Regards,

Sunil Bommaji

Hello Partners,

The OpenSSL0.9.8s-Linux_P90X.zip file comes on CD that ships with BE6000 server. However for the market-trial participants here, since we shipped a home baked system before the product is released to the manufacturing, this file along with other software and documentation is missing. Also currently this file is missing from CCO and product team is looking into fixing that.

For the market-trial participants here, I have uploaded the file to file exchange. Please let me know if anyone has trouble accessing it from:

https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=BE6000_EFT

Regards,

Sunil

Hey Sunil,

It seems my pmadmin account is not accepting the credentials originally created with it anymore. Set the same password on all three accounts for the CUPM server and works fine with the root account on SSH. Attempted to reset the password with the instructions on the QuickStart guide and first off, not providing the script directory does not help. Found the script and would not run without "su root" before it which is not mentioned in the instructions, and still failed to change the password. Might want to have someone review and revise the instructions.

Instructions used: Cisco-Unified-ProvManager-90-BE-QuickStartGuide.pdf page 48

---

Resetting the Provisioning Manager Admin Password

To ensure that access to Provisioning Manager meets the security requirements at your site, you can reset the password for the Provisioning Manager pmadmin administrative account.

To reset the password for pmadmin:

Step 1

Log into the Provisioning Manager server as root using SSH.

Step 2

Open the command prompt.

Step 3

Enter the following command:

./ResetCUPMAdminPassword.sh password

ALL

where password

is the new password.

---

Output results as follows:

(had to change to the directory with the script, which I found with the "locate Reset" command)

(

Found in two locations, but only tried the first one:

/opt/cupm/sep/build/bin/ResetCUPMAdminPassword.sh

/opt/cupm/sep/ipt/bin/ResetCUPMAdminPassword.sh

)

[root@CUPM-27 /]# cd /opt/cupm/sep/build/bin

[root@CUPM-27 bin]# ./ResetCUPMAdminPassword.sh ******** ALL
-bash: ./ResetCUPMAdminPassword.sh: Permission denied


[root@CUPM-27 bin]# su root ./ResetCUPMAdminPassword.sh ******** ALL
Failed to reset the pmadmin password. Reason: DFC Exception CORE-0045 [ERROR]: Unexpected exception caught handling session token: EntityException CORE-0046
The old encrypted admin password is: 7cd0ef544e44bd595b2a11a6640be05c
An error occured while setting the old password back.
EntityException CORE-0045
        at dfc.ejb.usersessionservice.SessionTokenImpl.(SessionTokenImpl.java:228)
        at dfc.ejb.usersessionservice.UserSession.getSystemToken(UserSession.java:252)
        at dfc.security.SessionTokenHelper.getSystemToken(SessionTokenHelper.java:171)
        at dfc.security.SessionTokenHelper.getSystemToken(SessionTokenHelper.java:225)
        at dfc.ipt.tools.ResetCUPMAdminPassword.changeAdminPassword(ResetCUPMAdminPassword.java:135)
        at dfc.ipt.tools.ResetCUPMAdminPassword.main(ResetCUPMAdminPassword.java:66)
[root@CUPM-27 bin]#

Tried using the same password as originally set, and tried a couple other passwords to reset as, and all reply with the same error above.

Any ideas? Think my pwd file corrupt? Anyone at Cisco want to jump in and check?

Regards,

DJ

DJ,

Engineering is looking into your problem. Also reviewing the instructions in QSG.

Thanks.

Sunil

DJ,

Our engineering wants to work with you on this issue and want to set up a call with you. Please let me know what time works for you

Regards,

Sunil

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: