Connectrix: Seria B: Wygasłe certyfikaty HTTPS powodują, że stan przełącznika jest marginalny
Summary: Wygasłe certyfikaty HTTPS wyzwalają alerty MAPS dotyczące stanu przełącznika i ustawiają stan na Marginalny.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Z danych wyjściowych MAPS:
mapsdb --show 2 Switch Health Report: ======================= Current Switch Policy Status: MARGINAL Contributing Factors: --------------------- *EXPIRED_CERTS (MARGINAL). SwitchA:admin> seccertmgmt show -all ssh private key: Does not Exist ssh public keys available for users: None Certificate Files: -------------------------------------------------------------------------------------------------------------------- Protocol Client CA Server CA SW CSR PVT Key Passphrase -------------------------------------------------------------------------------------------------------------------- FCAP Empty NA Empty Empty Empty Empty RADIUS Empty Empty Empty Empty Empty NA LDAP Empty Empty Empty Empty Empty NA SYSLOG Empty Empty Empty Empty Empty NA HTTPS NA Empty Exist Empty Exist NA KAFKA NA Empty NA NA NA NA ASC NA Empty NA NA NA NA
Cause
Ten problem spowodowany jest wygaśnięciem certyfikatu HTTPS, który musi zostać odnowiony.
SwitchA:FID128:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Period Of Validity Begins On Mar 23 12:05:31 2021 GMT Expires On Mar 23 12:05:31 2023 GMT Certificate expiry date is Mar 23 12:05:31 2023 GMTZe zrzutu błędu:
2023/03/22-23:59:35, [MAPS-1020], 549, FID 128, WARNING, SwitchA, Switch wide status has changed from HEALTHY to MARGINAL.
Resolution
Wygeneruj certyfikat HTTPS z podpisem własnym.
- Sprawdź, czy certyfikat został zaktualizowany za pomocą następującego polecenia.
seccertmgmt show -cert https
- Po zaktualizowaniu certyfikatu może upłynąć do 24 godzin, zanim stan przełącznika zmieni się z powrotem na Dobry.
- Rozważ wykonanie polecenia "hafailover" lub "hareboot", jeśli stan przełącznika nie zmienił się na zdrowy.
SwitchA:admin> seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha256 -years 2 Generating a new certificate will do the following 1. Delete existing switch certificate(s). 2. Disable secure protocol HTTPS Warning: Certificate generation is CPU intensive and can cause high CPU usage Continue (yes, y, no, n): [no] y Generating ... ...Generated self-signed https certificate successfully. switchA:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Period Of Validity Begins On Nov 9 10:02:22 2023 GMT Expires On Nov 8 10:02:22 2025 GMT >> Certificate Updated
Affected Products
Connectrix B-SeriesArticle Properties
Article Number: 000220191
Article Type: Solution
Last Modified: 02 Sept 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.