Customer reported problems regarding his U2000 and the connection to the OSS system. When he used the default certificates, there were no problems, but when he tried to use his own certificate, the connection fails and he receives the following error message:
"Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:581)'),))"
- NBI is running properly with the original "Huawei" certificates;
- OSS can do all necessary tasks on the NBI with the default certificate;
- if OSS uses its own certificate gets the SSL error;
- the U2000 certificate is authorized by the same authority as the OSS certificate;
- both system OSS and U2000 cannot connect to the CA to verify the certificates, because both systems are in separate DMZ's.
Step 1: It`s needed to change the rootCA.crt to rootCA.cer, because the Msuite don`t support .crt file.
Step 2: Load the rootCA.cer file from primary Msuite.
Step 3: Change the /opt/oss/server/nemgr/nemgr_access/tool/xml2tl1/conf/config.properties and sslconfig.properties. Also, it`s needed to modify the ClientAuth item value from true to false on both servers.
Step 4: Run the command to synchronize the password to sslconfig.properties on primary server according to the guide:
5. Restart the ast_xml process.
6. Copy the /opt/oss/server/nemgr/nemgr_access/tool/xml2tl1/sslconfig.properties to secondary server, because the certificates weren`t active on the secondary and the script to update the password directly doesn't work.