1 Rookie
•
2 Posts
0
85
February 28th, 2025 14:15
Dell OME migration fails in second step.
My dell OME migration from 3.10.2 -> 4.1.0 fails in the second step. I am using signed certificates, both from the same certificate authority. I try to validate using the hostname and credentials for the admin account on the new OME instance, and it gives me this message: Unable to mutually authenticate and connect to remote appliance. Please check the source and target appliances has valid certificate chain uploaded which are signed by same CA.
Both certs come from the same CA, and both of them pass the chain check in step 1. I have tried the other solutions present in the forums that I have seen (making sure that http proxy is disabled, changing passwords, I even gave both machines a reboot for gits and shiggles.) Any help would be much appreciated. Thank you for your time.
DELL-Chris H
Moderator
•
9.7K Posts
0
February 28th, 2025 19:35
It would be the certificate authority not the host names, as the source and target aren't the same. The example below shows how it should and shouldn't look.
DELL-Chris H
Moderator
•
9.7K Posts
0
February 28th, 2025 18:37
JustLogan,
The error you are seeing is due to the fact that the names of the certificate authorities in the chain between the source and target certificates have the same 'issued to' and 'issued by.' If these names do not match, the source or the target cannot verify that the same signing authorities issued the certificates. On that, I found the page here that goes over the issues you can run into with the certificate change, the issue you are seeing, and also provides steps to bypass the certificate chain requirement if needed.
Let me know if this helps.
JustLogan
1 Rookie
•
2 Posts
0
February 28th, 2025 18:52
@DELL-Chris H The way that your reply was worded has me a bit confused... is the issue because the names do match, or because they do not match? I've checked every piece in the certificate chain and they both have the same issuer. The only difference between the two certificates is that they're for different hostnames, since we are going to be changing hostnames with this upgrade. Is that the cause of the issue? The mismatched hostnames?