IBM Support

SSL certificate change to IBM "Call Home" servers for HMC

Troubleshooting


Problem

SSL certificate change to IBM "Call Home" servers for HMC

Symptom

There is a change of SSL certificates on the backend IBM call home servers. The old Equifax root certificates have expired, and must be replaced to ensure that problem reporting, connectivity heartbeat, VPD data, COD reporting, software information, and performance management (PM) metrics all continue to call home to IBM as expected.

This change occurred on August 1st, 2018.

Cause

Change of SSL certificates on the backend IBM call home servers.

Environment

All HMC versions prior to Version 8 Release 8.4.0 are impacted.

Diagnosing The Problem

Without this fix, call home and transmission of service data will fail after August 1st, 2018.


Fix information on the new certificates:

1. ECC gateway devices
eccgw01 (207.25.252.197) and eccgw02 (192.42.160.51)

New certificate chain:
root: GeoTrust Global CA (sha1)
intermediate: GeoTrust SSL CA - G3
server: specific certificate per device

2. URSF devices:
(207.25.252.200, .204, .205, 129.42.160.48, .49, .50)

New certificate chain:
root: DigiCert Global Root CA (sha1)
intermediate: GeoTrust RSA CA 2018
server: specific certificate per device
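
As an added example (not IBM's code): a Python check that reads the "Certificate chain" section of `openssl s_client` output captured for one of the addresses above and compares the issuers with the chains listed here. The function names, the sample output and the use of port 443 are assumptions for illustration.

```python
import re

# From the advisory's "New certificate chain" lists; compared case-insensitively.
EXPECTED = {
    "ECC gateway": ({"207.25.252.197", "192.42.160.51"},
                    "GeoTrust SSL CA - G3", "GeoTrust Global CA"),
    "URSF": ({"207.25.252.200", "207.25.252.204", "207.25.252.205",
              "129.42.160.48", "129.42.160.49", "129.42.160.50"},
             "GeoTrust RSA CA 2018", "DigiCert Global Root CA"),
}

def _cn(dn):
    # Accepts "CN = x" (OpenSSL 1.1+) and "/CN=x" (OpenSSL 1.0) renderings.
    m = re.search(r"\bCN\s*=\s*([^,/\n]+)", dn)
    return m.group(1).strip().casefold() if m else ""

def parse_chain(text):
    """Return [(subject_dn, issuer_dn), ...] from `openssl s_client` output."""
    subjects = re.findall(r"^\s*\d+\s+s:(.*)$", text, re.M)
    issuers = re.findall(r"^\s+i:(.*)$", text, re.M)
    return list(zip(subjects, issuers))

def check_chain(ip, text):
    """Return findings; an empty list means the chain matches the advisory."""
    match = [v for v in EXPECTED.values() if ip in v[0]]
    chain = parse_chain(text)
    if not match or not chain:
        return ["address not in the advisory, or no certificate chain in input"]
    _, intermediate, root = match[0]
    findings = []
    if any("equifax" in dn.casefold() for pair in chain for dn in pair):
        findings.append("chain references Equifax, the expired old root")
    if _cn(chain[0][1]) != intermediate.casefold():
        findings.append(f"server certificate issuer is not '{intermediate}'")
    # The root is usually not sent; check it as the intermediate's issuer.
    for subject, issuer in chain[1:]:
        if _cn(subject) == intermediate.casefold() and _cn(issuer) != root.casefold():
            findings.append(f"intermediate is not issued by '{root}'")
    return findings

# Constructed sample in the format printed by (port 443 is an assumption):
#   openssl s_client -connect 207.25.252.197:443 -showcerts </dev/null
SAMPLE_ECC = """Certificate chain
 0 s:C = US, O = Example Org, CN = server.example.invalid
   i:C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
 1 s:C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
   i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
"""
```

Run the capture from the network segment the HMC uses, so that any proxy or firewall in the path is included in what the check sees.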

Resolving The Problem

To avoid this issue, it is recommended to install a later HMC level: HMC Version 8 Release 8.4.0 with latest SP + PTFs, or higher.

If upgrading is not an option, or is not possible due to the HMC model, IBM is providing HMC PTF fixes that update the certificate, depending on the earlier HMC release level installed. These fixes are provided as-is:

For HMCs running V7.720 through V7.790 install MH0GTIU-V72-79.iso image (readme file also provided)

For HMCs running V8.810 through V8.830 install MH0GTIU-V81-83.iso image (readme file also provided)

For HMCs running V8.840 through V9.910 no PTF is required

Both fixes can be downloaded from https://www.ibm.com/support/pages/esa/downloads_esa.htm

This PTF replaces the certificate and is provided as-is. The PTF will not be displayed in the lshmc -V output. After installing the PTF, attempt call home and Transmit Service Data for VPD, CoD reporting, heartbeat, etc.

WORKAROUND:

Upgrade to a later level such as HMC code Version 8 Release 8.4.0 + latest SP and PTFs or later.


Document Information

Modified date:
22 September 2021

UID

nas8N1022613