Error connecting to broker

  • Hi all-


    I am attempting to test my application in a new ePO environment and am unable to connect to the broker.


    The OpenDXL Python Client keeps displaying the following error message:


    2017-06-29 10:43:18,717 dxlclient.client - ERROR - Failed to connect to broker {Unique id: {xxxxx}, Host name: xxxxx, IP address: xxxxx, Port: 8883}


    Any thoughts on what might be wrong?

  • That error indicates that the broker is not aware of the CA that was used to sign the certificate of the client that is attempting to connect.


    A couple of things you can try (only applicable for an ePO-managed DXL environment):

    • Confirm that you imported the CA that signed your client's certificate in the "DXL Certificates" server setting.
    • Ensure the broker has received the CA (force a wakeup, etc.).

    If you have access to the broker, you can look at the following file to see if the broker does indeed have the CA:


    /var/McAfee/dxlbroker/keystore/ca-client.crt


    If you have a basic installation (not using multi-ePO, etc.) there will be two certificates in this file by default. Once you add your CA you should see three in there. If there are still only two, that indicates that the broker has not received your CA via policy.


    Chris
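The check described in the reply above, as an added example that is not part of the original thread or of OpenDXL: it counts the certificates in a PEM bundle such as `ca-client.crt` and, going one step beyond counting, confirms by SHA-256 fingerprint that your own CA is among them. The function names and the sample PEM blocks are assumptions made for illustration; the blocks are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
import ssl

# Matches each PEM certificate block, tolerating text between blocks.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def bundle_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    return [
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        for block in PEM_BLOCK.findall(pem_text)
    ]


def ca_in_bundle(ca_pem_text, bundle_pem_text):
    """Return (certificates in bundle, True if the CA is one of them)."""
    ca = bundle_fingerprints(ca_pem_text)
    if len(ca) != 1:
        raise ValueError("expected exactly one certificate in the CA file")
    found = bundle_fingerprints(bundle_pem_text)
    return len(found), ca[0] in found


def _fake_pem(payload):
    # Constructed stand-in: arbitrary bytes in a PEM wrapper, not real X.509.
    body = base64.encodebytes(payload).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed sample data: two broker defaults plus the client-signing CA.
DEFAULT_1 = _fake_pem(b"constructed broker default CA 1")
DEFAULT_2 = _fake_pem(b"constructed broker default CA 2")
MY_CA = _fake_pem(b"constructed client-signing CA")

if __name__ == "__main__":
    # Broker has not received the CA via policy yet.
    print(ca_in_bundle(MY_CA, DEFAULT_1 + DEFAULT_2))
    # Broker bundle after the CA has been delivered.
    print(ca_in_bundle(MY_CA, DEFAULT_1 + DEFAULT_2 + MY_CA))
```

On a broker, pass the contents of `/var/McAfee/dxlbroker/keystore/ca-client.crt` as the bundle and the contents of your own CA certificate file as the first argument.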

  • Thanks for the response. It turns out I imported the client certificate, but neglected to import my CA certificate.


    I have found the OpenDXL Python Client fairly simple to use, but the certificate management is a little cumbersome. Are there plans to simplify the process to provision OpenDXL clients?

  • Yes, there are plans to simplify the way certificates are provisioned for OpenDXL clients. In ePO-managed environments the client will provide an option to automatically generate a key-pair, trigger signing via ePO, and pull down the necessary files for connecting to brokers.