Avamar 19.3+: Goav security keystore: show keystores and check keystore and lockbox health, with auto-fix

Summary: Use the Goav tool to display keystore contents, or to check the health of all keystores on an Avamar system.


Instructions

Latest supported Avamar version: 19.10
Avamar versions supported by this command set: 19.3+ required
Goav version: 1.39+; 1.50 is the recommended minimum


Download/install the Goav tool

000192151 | Avamar: Goav Tool


Notes

- This functionality must be revalidated after each subsequent Avamar release.
- All goav security commands must be run as root.


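Features

Show keystore contents

This command presents a drop-down selection prompt for choosing which keystore to print:
./goav security keystore show


This command prints all keystores to the screen:

./goav security keystore show --all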


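With optional auto-fix

Check keystore and lockbox configuration

This command runs several health checks against all keystores on the Avamar system.
- Checks that each keystore exists.
- Checks keystore permissions and ownership.
- Checks the health of the lockbox keystore passphrase.
- Checks that the lockbox and keystore passphrases match.
- Checks that each keystore is in the correct format (PKCS12).
- Checks that every required alias (certificate) exists in each keystore.
- Prints a pass/fail summary with detailed problem messages.
./goav security keystore check-config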

 

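This command runs several health checks against all keystores and fixes problems automatically.
- Checks that each keystore exists.
- Checks keystore permissions and ownership.
- Checks the health of the lockbox keystore passphrase.
- Checks that the lockbox and keystore passphrases match.
- Checks that each keystore is in the correct format (PKCS12).
- Checks that every required alias (certificate) exists in each keystore.
- Prints a pass/fail summary with detailed problem messages.
- Automatically regenerates missing keystores.
- Automatically repairs permissions and ownership.
- Automatically regenerates a keystore if the lockbox passphrase does not match the keystore passphrase.
- Backs up the existing keystore before regenerating it.
- Automatically regenerates the keystore or specific aliases if necessary.
- Updates the MCSSL private key entry from the Java RMI keystore so that it stays in sync with the avi and tomcat keystores.
- Restarts the appropriate services.

./goav security keystore check-config --fix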


Examples

Show keystore
root@ser-ave03:/home/admin/#: ./goav security keystore show
===========================================================
GoAv    :        1.39
Avamar  :        19.7
Date    :        19 Oct 2022 10:28 MDT
===========================================================
NOTE: This is not an official tool
===========================================================
Use the arrow keys to navigate: ↓ ↑ → ←
Select Keystore to Print:
    RMI_SSL_KEYSTORE
    AVAMAR_KEYSTORE
  → AVINSTALLER_KEYSTORE
    TOMCAT_KEYSTORE

Check keystore configuration in passive mode
root@avmr-4400-rtp:/usr/local/avamar/lib/#: ~admin/goav security keystore check-config
===========================================================
GoAv    :        1.49
Avamar  :        19.4
Date    :        17 Mar 2023 13:31 EDT
===========================================================
COMMAND :  /home/admin/goav security keystore check-config
NOTE: This is not an official tool
===========================================================
Table: Keystore Existence/Permissions Check
-------------------------------------------

          Name         |                  Path                  | Exists |  Current Permissions  | Expected Permissions |   Current Ownership   | Expected Ownership
-----------------------+----------------------------------------+--------+-----------------------+----------------------+-----------------------+---------------------
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | true   | rw-rw----             | rw-rw----            | root admin            | root admin
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | true   | rw-rw----             | rw-rw----            | root root             | root admin
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | false  | emtpy: file not found | rw-r--r--            | empty: file not found | avi avi
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | true   | rwxr-----             | rwxr-----            | admin admin           | admin admin


Task: Lockbox Passphrase Check
------------------------------

Keystore Passphrase (From Lockbox): changeme


Table: Lockbox/Keystore Passphrase Match
----------------------------------------

          Name         |  Lockbox/Keystore Passphrase
                       |             Match
-----------------------+---------------------------------
  RMI_SSL_KEYSTORE     | false
  AVAMAR_KEYSTORE      | true
  AVINSTALLER_KEYSTORE | false
  TOMCAT_KEYSTORE      | true


Keystore Format (JKS/PKCS12)
----------------------------

          Name         | Format
-----------------------+----------
  RMI_SSL_KEYSTORE     | Unknown
  AVAMAR_KEYSTORE      | PKCS12
  AVINSTALLER_KEYSTORE | Unknown
  TOMCAT_KEYSTORE      | PKCS12


Table: Keystore Alias Check
---------------------------

          Name         |                  Path                  |   Alias   | Exists
-----------------------+----------------------------------------+-----------+---------
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | mcssl     | false
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | mcjwt     | false
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcecroot  | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcectls   | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcrsaroot | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcrsatls  | true
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | tomcat    | false
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | mcssl     | false
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | tomcat    | false
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | mcssl     | true


Summary
-------

*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: changeme is not the correct passphrase for keystore AVINSTALLER_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: AVINSTALLER_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcssl alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: mcssl alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE

Check keystore configuration in active/auto-fix mode
root@avamar-rtp:/usr/local/avamar/lib/#: ~admin/goav security keystore check-config --fix
===========================================================
GoAv    :        1.49
Avamar  :        19.4
Date    :        17 Mar 2023 13:32 EDT
===========================================================
COMMAND :  /home/admin/goav security keystore check-config --fix
NOTE: This is not an official tool
===========================================================
Table: Keystore Existence/Permissions Check
-------------------------------------------

          Name         |                  Path                  | Exists |  Current Permissions  | Expected Permissions |   Current Ownership   | Expected Ownership
-----------------------+----------------------------------------+--------+-----------------------+----------------------+-----------------------+---------------------
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | true   | rw-rw----             | rw-rw----            | root admin            | root admin
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | true   | rw-rw----             | rw-rw----            | root root             | root admin
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | false  | emtpy: file not found | rw-r--r--            | empty: file not found | avi avi
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | true   | rwxr-----             | rwxr-----            | admin admin           | admin admin


Task: Lockbox Passphrase Check
------------------------------

Keystore Passphrase (From Lockbox): changeme


Table: Lockbox/Keystore Passphrase Match
----------------------------------------

          Name         |  Lockbox/Keystore Passphrase
                       |             Match
-----------------------+---------------------------------
  RMI_SSL_KEYSTORE     | false
  AVAMAR_KEYSTORE      | true
  AVINSTALLER_KEYSTORE | false
  TOMCAT_KEYSTORE      | true


Keystore Format (JKS/PKCS12)
----------------------------

          Name         | Format
-----------------------+----------
  RMI_SSL_KEYSTORE     | Unknown
  AVAMAR_KEYSTORE      | PKCS12
  AVINSTALLER_KEYSTORE | Unknown
  TOMCAT_KEYSTORE      | PKCS12


Table: Keystore Alias Check
---------------------------

          Name         |                  Path                  |   Alias   | Exists
-----------------------+----------------------------------------+-----------+---------
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | mcssl     | false
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | mcjwt     | false
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcecroot  | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcectls   | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcrsaroot | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcrsatls  | true
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | tomcat    | false
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | mcssl     | false
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | tomcat    | false
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | mcssl     | true


Summary
-------

*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: changeme is not the correct passphrase for keystore AVINSTALLER_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: AVINSTALLER_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcssl alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: mcssl alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE


************************
Task: Auto-Fix Keystores
************************

INFO: Begin fixing any keystore issues...
INFO: Renaming /usr/local/avamar/lib/rmi_ssl_keystore in order to regenerate...
INFO: Renamed /usr/local/avamar/lib/rmi_ssl_keystore to /usr/local/avamar/lib/x-rmi_ssl_keystore.bak
INFO: Renaming /usr/local/avamar/lib/rmi_ssl_keystore in order to regenerate succeeded
INFO: Regenerating RMI_SSL_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
        for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /usr/local/avamar/lib/rmi_ssl_keystore]
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
        for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
Enter key password for <mcjwt>
        (RETURN if same as keystore password):  [Storing /usr/local/avamar/lib/rmi_ssl_keystore]
INFO: RMI_SSL_KEYSTORE Successfully Regenerated
INFO: Please re-import any vcenter certificate if vcenter certificate authentication is used
INFO: RMI_SSL_KEYSTORE Permissions & Ownership Updated


INFO: Regenerating AVINSTALLER_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
        for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /usr/local/avamar/lib/avi/avi_keystore]
INFO: AVINSTALLER_KEYSTORE Successfully Regenerated
INFO: AVINSTALLER_KEYSTORE Permissions & Ownership Updated


INFO: Renaming /home/admin/.keystore in order to regenerate...
INFO: Renamed /home/admin/.keystore to /home/admin/x-.keystore.bak
INFO: Renaming /home/admin/.keystore in order to regenerate succeeded
INFO: Regenerating TOMCAT_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
        for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /home/admin/.keystore]
INFO: TOMCAT_KEYSTORE Successfully Regenerated
INFO: TOMCAT_KEYSTORE Permissions & Ownership Updated


INFO: Updating mcssl certificate from rmi keystore to tomcat and avi keystore...
INFO: Updating mcssl certificate from rmi keystore to tomcat and avi keystore succeeded
INFO: Restarting MCS   [======>             ]
INFO: Restarting MCS succeeded
INFO: Restarting avinstaller service   [==========>         ]
INFO: Restarting avinstaller service succeeded
INFO: Restarting tomcat service   [                    ]
INFO: Restarting tomcat service succeeded

DONE
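
Added example, not part of the article or of goav: a shell function that reads a passive check-config report and lists, per keystore, whether --fix should be expected to regenerate it or only correct permissions and ownership. The mapping from PROBLEM text to action is an assumption inferred from the sample run above, and the function names plan_keystore_fix and sample_report are hypothetical.

```shell
#!/bin/sh
# Added example (not part of goav): triage a passive check-config report
# before deciding to run --fix.

# Reads report text on stdin; prints "<KEYSTORE> <action>" per affected keystore.
#   regenerate  - keystore missing, passphrase mismatch, unknown format, missing alias
#   permissions - ownership/permission drift only
# The PROBLEM-to-action mapping is an assumption based on the sample run above.
# The passphrase that goav echoes in PROBLEM lines is never printed.
plan_keystore_fix() {
    awk '
    /^PROBLEM: / {
        if      ($0 ~ /ownership\/permissions incorrect/)            { ks = $2;  act = "permissions" }
        else if ($0 ~ /is not the correct passphrase for keystore /) { ks = $NF; act = "regenerate" }
        else if ($0 ~ / alias does not exist in /)                   { ks = $NF; act = "regenerate" }
        else if ($0 ~ / does not exist/)                             { ks = $2;  act = "regenerate" }
        else if ($0 ~ / format unknown/)                             { ks = $2;  act = "regenerate" }
        else next
        if (!(ks in plan)) order[++n] = ks            # remember first-seen order
        if (plan[ks] != "regenerate") plan[ks] = act  # regenerate outranks permissions
    }
    END { for (i = 1; i <= n; i++) print order[i], plan[order[i]] }'
}

# PROBLEM lines taken from the sample Summary on this page (subset).
sample_report() {
    cat <<'EOF'
*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE
EOF
}

sample_report | plan_keystore_fix
```

On an Avamar node the same function can be fed directly: ./goav security keystore check-config | plan_keystore_fix. The full report prints the lockbox passphrase in clear text, so keep any saved copy of it as restricted as the keystores themselves.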

Affected Products

Avamar
Article Properties
Article Number: 000204386
Article Type: How To
Last Modified: 30 Oct 2025
Version:  15