Skip to main content

Server certification validation fails

Use this information when you attempt to install a server certificate in Lenovo XClarity Administrator and the validation of the certificate fails.

About this task

Server certification validation might fail when XClarity Administrator attempts to:

  • Connect to managed devices using CIM-XML over HTTPS.

  • Reach an external authentication server using secure LDAP (if you have configured a secure LDAP connection).

  • Reach an external SAML identity provider using a secure connection (if you have configured SAML).

  • Connect to the remote file servers for importing OS images (if you have configured an HTTPS image server).

  • Connect to Lenovo to obtain warranty status information.

  • Connect to the Apple and Google push-notification server (if Lenovo XClarity Mobile push notifications are enabled for an iOS or Android device).

Procedure

To resolve this issue, complete the following steps.

  • Ensure that the certificate or its signing certificate exists in the Trusted Certificates trust store or the External Services Certificates trust store in XClarity Administrator. For more information about trusted certificates and external services certificates, see Working with security certificates .

  • Ensure that the certificate has not been revoked (see Adding and replacing a certificate revocation list ).

  • Ensure that the server's IP address or hostname matches one of the subject alternative names or the common name (if SAN is not present) in the certificate.

  • Ensure that today’s date is between the Not valid before and Not valid after dates in the certificate.

  • Ensure that the certificate is signed using a supported algorithm, either SHA1 or stronger if in legacy mode, or SHA256 or stronger if in NIST strict mode (see Configuring cryptography settings on the management server ).