When the management
server receives a certificate request, it attempts to
automatically identify the node that the
request comes from using the host name. This automatic mapping
fails in the following situations:
There is no node with the same host name as the system that the
request came from.
There is a node with the same host name, but the node has an
OvCoreId that is different to the OvCoreId in the certificate
request.
If the management server fails to map a certificate request to a
node, and you know that the node already exists in the database,
you can map the certificate request to the node manually. If a node
does not already exist in the database, you must configure it
before you can map the certificate request. The node is listed
under Unmanaged Nodes with Agents in the Configure Managed Nodes
dialog.
You can unmap certificate requests if you need to, and then map
them to a different node.
As well as mapping certificate requests in the console, you can
also map and unmap them from the command prompt.
To map certificate requests to nodes
In the console tree, click Certificate
Requests. A table of certificate requests appears in the
details pane.
Right-click an unmapped certificate request, and then click
All TasksMap to Node. The
Map Certificate Request to Node dialog appears.
Navigate the node tree and click the node that you want to map
the certificate request to.
Click Map Node.
Read the warning message that appears, and then click OK
or Cancel. If you click OK, the management server updates
the node's OvCoreID with the OvCoreID from the certificate request.
The certificate request then becomes pending and can be granted
either automatically or manually.
To unmap certificate requests
In the console tree, click Certificate Requests. A table
of certificate requests appears in the details pane.
Right-click a mapped certificate request, and then click All
TasksUnmap. You can then map the
certificate request to a different node if appropriate.
To map certificate requests from the command prompt
Log in to the management server with an account that is a
member of the HPOM administrators group. Open a command
prompt.
Use ovowcsa -listpending to get a list of
certificate requests.
Map a certificate request by specifying the request ID or host
name with the following command:
If you omit the node_host_name and
OvCoreId, the command attempts to map the certificate
request using the request_host_name. This is useful if
you configured a node with that host name after the original
attempt to map the certificate request failed.
If there is more than one certificate request with the same
request_host_name, you must specify the
request_ID.
If the host name in the certificate request is different to the
node's host name, add the -force option.
If the node has an OvCoreID that does not match the OvCoreID in
the certificate request, the mapping fails. Add the
-force option to map the certificate request.