Connectrix: B 시리즈: 만료된 HTTPS 인증서로 인해 스위치 상태가 미미한 상태 발생
Zusammenfassung: HTTPS 인증서가 만료되면 스위치 상태에 대한 MAPS 알림이 트리거되고 상태가 심각하지 않음으로 설정됩니다.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Symptome
MAPS 출력에서:
mapsdb --show 2 Switch Health Report: ======================= Current Switch Policy Status: MARGINAL Contributing Factors: --------------------- *EXPIRED_CERTS (MARGINAL). SwitchA:admin> seccertmgmt show -all ssh private key: Does not Exist ssh public keys available for users: None Certificate Files: -------------------------------------------------------------------------------------------------------------------- Protocol Client CA Server CA SW CSR PVT Key Passphrase -------------------------------------------------------------------------------------------------------------------- FCAP Empty NA Empty Empty Empty Empty RADIUS Empty Empty Empty Empty Empty NA LDAP Empty Empty Empty Empty Empty NA SYSLOG Empty Empty Empty Empty Empty NA HTTPS NA Empty Exist Empty Exist NA KAFKA NA Empty NA NA NA NA ASC NA Empty NA NA NA NA
Ursache
이 문제는 HTTPS 인증서 만료로 인해 발생하며 갱신해야 합니다.
SwitchA:FID128:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Period Of Validity Begins On Mar 23 12:05:31 2021 GMT Expires On Mar 23 12:05:31 2023 GMT Certificate expiry date is Mar 23 12:05:31 2023 GMT오류 덤프에서:
2023/03/22-23:59:35, [MAPS-1020], 549, FID 128, WARNING, SwitchA, Switch wide status has changed from HEALTHY to MARGINAL.
Lösung
자체 서명된 HTTPS 인증서를 생성합니다.
- 다음 명령을 사용하여 인증서가 업데이트되었는지 확인합니다.
seccertmgmt show -cert https
- 인증서가 업데이트되면 스위치 상태가 다시 정상으로 변경되는 데 최대 24시간이 걸릴 수 있습니다.
- 스위치 상태가 정상으로 변경되지 않은 경우 "hafailover" 또는 "hareboot" 수행을 고려하십시오.
SwitchA:admin> seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha256 -years 2 Generating a new certificate will do the following 1. Delete existing switch certificate(s). 2. Disable secure protocol HTTPS Warning: Certificate generation is CPU intensive and can cause high CPU usage Continue (yes, y, no, n): [no] y Generating ... ...Generated self-signed https certificate successfully. switchA:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Period Of Validity Begins On Nov 9 10:02:22 2023 GMT Expires On Nov 8 10:02:22 2025 GMT >> Certificate Updated
Betroffene Produkte
Connectrix B-SeriesArtikeleigenschaften
Artikelnummer: 000220191
Artikeltyp: Solution
Zuletzt geändert: 02 Sept. 2025
Version: 2
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.