Known issues
This section explains known issues with this probe.
Huawei Network Cloud Engine (NCE) CORBA NBI Requires Bidirectional Authentication
By default, Huawei NCE devices use bidirectional or two-way SSL. However, the probe does not support bidirectional or two-way SSL authentication by default .
SSLIOP mode
In SSLIOP mode, data is encrypted according to the certificate. The certificates used by the client and the server must be the same. This requires that the OSS must use the SSL protocol to communicate with the NCE CORBA NBI. That is, the OSS must use the certificate, digital signature, and encryption algorithm to enhance the security of the communication between systems. Generally, the bidirectional authentication mode is used by default if there is no special security requirement for the communication between the OSS and the NCE CORBA NBI.
Workaround
- Disable the bidirectional authentication mode of EMS.
- Update the CORBA Framework properties file:
$OMNIHOME/probes/java/corba/jacorb-3.3/etc/jacorb.properties
# Bidirectional handshakes jacorb.security.ssl.client.supported_options=60 jacorb.security.ssl.client.required_options=60 jacorb.security.ssl.server.supported_options=60 jacorb.security.ssl.server.required_options=60 - Update the probes environment file
$OMNIHOME/probes/java/nco_p_huawei_u2000_corba.env
# Bidirectional handshakes NCO_JPROBE_JAVA_FLAGS="-Djacorb.security.ssl.client.supported_options=60 $NCO_JPROBE_JAVA_FLAGS" NCO_JPROBE_JAVA_FLAGS="-Djacorb.security.ssl.client.required_options=60 $NCO_JPROBE_JAVA_FLAGS" NCO_JPROBE_JAVA_FLAGS="-Djacorb.security.ssl.server.supported_options=60 $NCO_JPROBE_JAVA_FLAGS" NCO_JPROBE_JAVA_FLAGS="-Djacorb.security.ssl.server.required_options=60 $NCO_JPROBE_JAVA_FLAGS" echo "NCO_JPROBE_JAVA_FLAGS=$NCO_JPROBE_JAVA_FLAGS"