I'm having some issues related to replacing the server.crt on the AVS 3120 with a cert from Verisign. I am running version 6.0. I have the cert in a PFX format. I know this cert is good because I have installed it on another machine with no problems. I used the openSSL pkcs12 utility to decrypt the PFX into a private key file and a cert.
openssl pkcs12 -in truck.pfx -nocerts -out truckkey.pem
openssl pkcs12 -in truck.pfx -clcerts -nokeys -out truckcert.pem
Both files are readable. I copied and renamed these files to server.key and server.crt in the /usr/avs/perfnode/node_manager/conf/ssl.crt/ directory and bounced the service ./fgnnmctl. (I even rebooted.) Once I rebooted, I could no longer manage the 3120 from the 3180 management console. Just for sanity, I swapped out the Verisign cert and put the original cert back in. Everything works. So it is related to the cert. The docs say you do not have to import a cert into the 3180 management console if it comes from Verisign. I tried that anyway - and the 3180 complains that it is not X.509 compliant. Here is an error_log from the 3120 in /usr/avs/perfnode/node_manager/logs which I am sure is the root of the problem:
Feb 28 15:13:57 AVS-3120-DC-1 nmgr: [error] mod_ssl: Init: (localhost:9090)
Unable to configure RSA server private key (OpenSSL library error follows)
Feb 28 15:13:57 AVS-3120-DC-1 nmgr: [error] OpenSSL: error:0B080074:x509 ce
rtificate routines:X509_check_private_key:key values mismatch
I get this error just starting the service ./fgnnmctl start
Has anyone seen this or can advise? Thanks.
Note: I just found that the key file should be stored in the /usr/avs/perfnode/node_manager/conf/ssl.key/ directory.
Once I moved it there, "./fgnnmctl start" worked, but it prompted me for the passphrase. Now when I reboot, the Starting fgnpn: service is waiting....probably for the passphrase to be responded to - which I can't do.