Avamar 19.3+: Mostrar y comprobar el estado del almacén de claves y de la caja de seguridad de Goav Security con corrección automática

Summary: Utilice la herramienta Goav para mostrar el contenido del almacén de claves o comprobar el estado de todos los almacenes de claves en el sistema Avamar.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Versión más reciente de Avamar compatible: Versiones de Avamar soportadas con el conjunto de comandos 19.10
: Se requiere la versión 19.3 +
Goav: 1.39+, versión recomendada mínima 1.50


Descargar/Instalar la herramienta

Goav 000192151 | Avamar: Herramienta


GoavNotas

- En cada versión posterior de Avamar, la función se debe validar nuevamente.
- Todos los comandos de seguridad de goav deben ejecutarse como root.


Funciones

Mostrar contenido

del almacén de clavesEste comando ofrece un símbolo del sistema de selección desplegable para elegir el almacén de claves que se imprimirá 
./goav security keystore show


Este comando imprime todos los almacenamientos de claves en la pantalla.

./goav security keystore show --all


Compruebe la configuración del almacén de claves y de la caja de seguridad con corrección

automática opcionalEste comando realiza varias evaluaciones del estado en todos los almacenamientos de claves del sistema Avamar.
- Compruebe que exista cada almacén de claves.
- Compruebe los permisos y la propiedad del almacén de claves.
- Compruebe el estado de la frase de contraseña del almacén de claves de la caja de seguridad.
- Compruebe que la caja de seguridad y la frase de contraseña del almacén de claves coincidan.
- Compruebe que cada almacén de claves tenga el formato adecuado (PKCS12).
- Compruebe que cada alias (certificado) requerido esté presente en cada almacén de claves.
- Imprima un resumen de aprobación/reprobación con mensajes detallados del problema. 
./goav security keystore check-config

 

Este comando realiza varias evaluaciones del estado en todos los almacenes de claves y las corrige automáticamente.
- Compruebe que exista cada almacén de claves.
- Compruebe los permisos y la propiedad
del almacén de claves: compruebe el estado de la frase de contraseña del almacén de claves de la caja de seguridad.
- Compruebe que la caja de seguridad y la frase de contraseña del almacén de claves coincidan.
- Compruebe que cada almacén de claves tenga el formato adecuado (PKCS12).
- Compruebe que cada alias (certificado) requerido esté presente en cada almacén de claves.
- Imprima un resumen de aprobación/reprobación con mensajes detallados del problema.
- Regeneración automática de los almacenes de claves faltantes.
- Corrija automáticamente los permisos y la propiedad.
- Regeneración automática del almacén de claves si la frase de contraseña de la caja de seguridad no coincide con la frase de contraseña del almacén de claves.
- Copia de seguridad del almacén de claves existente antes de la regeneración
: vuelva a generar automáticamente un almacén de claves o un alias específico si es necesario.
- Actualización de la entrada de clave privada MCSSL desde el almacén de claves RMI de Java para sincronizar con el almacén de claves avi y tomcat.
- Reiniciar los servicios apropiados

./goav security keystore check-config --fix


Ejemplos

Mostrar un almacén de claves 
root@ser-ave03:/home/admin/#: ./goav security keystore show
===========================================================
GoAv    :        1.39
Avamar  :        19.7
Date    :        19 Oct 2022 10:28 MDT
===========================================================
NOTE: This is not an official tool
===========================================================
Use the arrow keys to navigate: ↓ ↑ → ←
Select Keystore to Print:
    RMI_SSL_KEYSTORE
    AVAMAR_KEYSTORE
  → AVINSTALLER_KEYSTORE
    TOMCAT_KEYSTORE

Compruebe la configuración del almacén de claves en modo pasivo 
root@avmr-4400-rtp:/usr/local/avamar/lib/#: ~admin/goav security keystore check-config
===========================================================
GoAv    :        1.49
Avamar  :        19.4
Date    :        17 Mar 2023 13:31 EDT
===========================================================
COMMAND :  /home/admin/goav security keystore check-config
NOTE: This is not an official tool
===========================================================
Table: Keystore Existence/Permissions Check
-------------------------------------------

          Name         |                  Path                  | Exists |  Current Permissions  | Expected Permissions |   Current Ownership   | Expected Ownership
-----------------------+----------------------------------------+--------+-----------------------+----------------------+-----------------------+---------------------
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | true   | rw-rw----             | rw-rw----            | root admin            | root admin
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | true   | rw-rw----             | rw-rw----            | root root             | root admin
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | false  | emtpy: file not found | rw-r--r--            | empty: file not found | avi avi
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | true   | rwxr-----             | rwxr-----            | admin admin           | admin admin


Task: Lockbox Passphrase Check
------------------------------

Keystore Passphrase (From Lockbox): changeme


Table: Lockbox/Keystore Passphrase Match
----------------------------------------

          Name         |  Lockbox/Keystore Passphrase
                       |             Match
-----------------------+---------------------------------
  RMI_SSL_KEYSTORE     | false
  AVAMAR_KEYSTORE      | true
  AVINSTALLER_KEYSTORE | false
  TOMCAT_KEYSTORE      | true


Keystore Format (JKS/PKCS12)
----------------------------

          Name         | Format
-----------------------+----------
  RMI_SSL_KEYSTORE     | Unknown
  AVAMAR_KEYSTORE      | PKCS12
  AVINSTALLER_KEYSTORE | Unknown
  TOMCAT_KEYSTORE      | PKCS12


Table: Keystore Alias Check
---------------------------

          Name         |                  Path                  |   Alias   | Exists
-----------------------+----------------------------------------+-----------+---------
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | mcssl     | false
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | mcjwt     | false
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcecroot  | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcectls   | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcrsaroot | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcrsatls  | true
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | tomcat    | false
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | mcssl     | false
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | tomcat    | false
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | mcssl     | true


Summary
-------

*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: changeme is not the correct passphrase for keystore AVINSTALLER_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: AVINSTALLER_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcssl alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: mcssl alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE

Compruebe la configuración del almacén de claves en el modo de corrección activo/automático 
root@avamar-rtp:/usr/local/avamar/lib/#: ~admin/goav security keystore check-config --fix
===========================================================
GoAv    :        1.49
Avamar  :        19.4
Date    :        17 Mar 2023 13:32 EDT
===========================================================
COMMAND :  /home/admin/goav security keystore check-config --fix
NOTE: This is not an official tool
===========================================================
Table: Keystore Existence/Permissions Check
-------------------------------------------

          Name         |                  Path                  | Exists |  Current Permissions  | Expected Permissions |   Current Ownership   | Expected Ownership
-----------------------+----------------------------------------+--------+-----------------------+----------------------+-----------------------+---------------------
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | true   | rw-rw----             | rw-rw----            | root admin            | root admin
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | true   | rw-rw----             | rw-rw----            | root root             | root admin
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | false  | emtpy: file not found | rw-r--r--            | empty: file not found | avi avi
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | true   | rwxr-----             | rwxr-----            | admin admin           | admin admin


Task: Lockbox Passphrase Check
------------------------------

Keystore Passphrase (From Lockbox): changeme


Table: Lockbox/Keystore Passphrase Match
----------------------------------------

          Name         |  Lockbox/Keystore Passphrase
                       |             Match
-----------------------+---------------------------------
  RMI_SSL_KEYSTORE     | false
  AVAMAR_KEYSTORE      | true
  AVINSTALLER_KEYSTORE | false
  TOMCAT_KEYSTORE      | true


Keystore Format (JKS/PKCS12)
----------------------------

          Name         | Format
-----------------------+----------
  RMI_SSL_KEYSTORE     | Unknown
  AVAMAR_KEYSTORE      | PKCS12
  AVINSTALLER_KEYSTORE | Unknown
  TOMCAT_KEYSTORE      | PKCS12


Table: Keystore Alias Check
---------------------------

          Name         |                  Path                  |   Alias   | Exists
-----------------------+----------------------------------------+-----------+---------
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | mcssl     | false
  RMI_SSL_KEYSTORE     | /usr/local/avamar/lib/rmi_ssl_keystore | mcjwt     | false
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcecroot  | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcectls   | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcrsaroot | true
  AVAMAR_KEYSTORE      | /usr/local/avamar/lib/avamar_keystore  | mcrsatls  | true
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | tomcat    | false
  AVINSTALLER_KEYSTORE | /usr/local/avamar/lib/avi/avi_keystore | mcssl     | false
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | tomcat    | false
  TOMCAT_KEYSTORE      | /home/admin/.keystore                  | mcssl     | true


Summary
-------

*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: changeme is not the correct passphrase for keystore AVINSTALLER_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: AVINSTALLER_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcssl alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: mcssl alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE


************************
Task: Auto-Fix Keystores
************************

INFO: Begin fixing any keystore issues...
INFO: Renaming /usr/local/avamar/lib/rmi_ssl_keystore in order to regenerate...
INFO: Renamed /usr/local/avamar/lib/rmi_ssl_keystore to /usr/local/avamar/lib/x-rmi_ssl_keystore.bak
INFO: Renaming /usr/local/avamar/lib/rmi_ssl_keystore in order to regenerate succeeded
INFO: Regenerating RMI_SSL_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
        for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /usr/local/avamar/lib/rmi_ssl_keystore]
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
        for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
Enter key password for <mcjwt>
        (RETURN if same as keystore password):  [Storing /usr/local/avamar/lib/rmi_ssl_keystore]
INFO: RMI_SSL_KEYSTORE Successfully Regenerated
INFO: Please re-import any vcenter certificate if vcenter certificate authentication is used
INFO: RMI_SSL_KEYSTORE Permissions & Ownership Updated


INFO: Regenerating AVINSTALLER_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
        for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /usr/local/avamar/lib/avi/avi_keystore]
INFO: AVINSTALLER_KEYSTORE Successfully Regenerated
INFO: AVINSTALLER_KEYSTORE Permissions & Ownership Updated


INFO: Renaming /home/admin/.keystore in order to regenerate...
INFO: Renamed /home/admin/.keystore to /home/admin/x-.keystore.bak
INFO: Renaming /home/admin/.keystore in order to regenerate succeeded
INFO: Regenerating TOMCAT_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days
        for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /home/admin/.keystore]
INFO: TOMCAT_KEYSTORE Successfully Regenerated
INFO: TOMCAT_KEYSTORE Permissions & Ownership Updated


INFO: Updating mcssl certificate from rmi keystore to tomcat and avi keystore...
INFO: Updating mcssl certificate from rmi keystore to tomcat and avi keystore succeeded
INFO: Restarting MCS   [======>             ]
INFO: Restarting MCS succeeded
INFO: Restarting avinstaller service   [==========>         ]
INFO: Restarting avinstaller service succeeded
INFO: Restarting tomcat service   [                    ]
INFO: Restarting tomcat service succeeded

DONE

Affected Products

Avamar
Article Properties
Article Number: 000204386
Article Type: How To
Last Modified: 30 Oct 2025
Version:  15
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.