Certificate for a managed compute node is not trusted

If a compute node that is under management is displayed in the IBM® Flex System Manager management software web interface with the trust state Not Trusted, and a certificate for that compute node is in the certificate trust store, you must accept the untrusted certificate for that compute node in the management software certificate trust store.

If a certificate is listed with any status other than trusted, communication is not permitted with the associated compute node. All certificates required by the access points on the associated compute node must exist in the certificate trust store as trusted certificates before communication is allowed.

You can use the following information to accept an untrusted certificate or import a certificate to the certificate trust store.

Note: A management software administrator can revoke a certificate, which prevents the associated compute node from communicating with the management software. Any resource that is using a certificate that is revoked will not be trusted.

Accepting a certificate

To accept a compute node certificate that is not trusted by the management software, complete the following steps in the management software web interface:

  1. From the Chassis Manager page, click the chassis that contains the compute node with the certificate that is not trusted. The Chassis Map opens.
  2. From the Chassis Map graphical view, click the chassis or managed system.
  3. In the Details section (under the graphical representation of the chassis), click Actions > Security > View Certificates. The View Certificates page opens, and the certificates for the selected system are displayed.
  4. To view the details for the certificate, select the box for the certificate; then, click View Certificate.
  5. Click the Certificate Trust Store link on the View Certificates page. The Certificate Trust Store page opens.
  6. If you believe the certificate in question is legitimate, select the box for the certificate and click Accept. The certificate is added to the trust store.

Importing a certificate

If you have the certificate for the compute node saved as a local file, you can import the certificate and add it to the trust store.
Note: The certificate must be valid to be added to the certificate trust store; if the certificate is expired, not yet valid, or has been corrupted, it will not be imported and added.

To import a certificate to the management software certificate trust store, complete the following steps in the management software web interface:

  1. From the Chassis Manager page, click the chassis that contains the compute node with the certificate that is not trusted. The Chassis Map opens.
  2. From the Chassis Map graphical view, click the chassis or managed system.
  3. In the Details section (under the graphical representation of the chassis), click Actions > Security > Certificate Trust Store. The Certificate Trust Store page opens, and all of the certificates that are stored by the management software are displayed.
  4. From the Certificate Trust Store page, click the Import button. A Certificate Import page is opened.
  5. From the Certificate Import page, in the file name field, point to the certificate that was exported as a local file. Specify any Display name value that helps describe this certificate.
  6. Click OK.
Parent topic: Troubleshooting the management software