PowerFlex 4.X Login Failure Using Scli After Fresh Install - CERTIFICATE_NOT_YET_VALID

Summary: After a new successful deployment of the PowerFlex resource group, when trying to log in for the first time using scli, the login fails with the error "CERTIFICATE_NOT_YET_VALID."

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

  • PowerFlex Manager Platform (PFMP) is healthy and functional.
  • The new PowerFlex resource group was deployed successfully
  • When trying to log in for the first time, the login fails:
[root@l-storage1 ~]# scli --login --username admin --management_system_ip test.powerflex.lab --password xxxxxxx --insecure
Successfully generated login certificate at /root/.scli/cli_cert.p12
Failed to validate certificate /root/.scli/cli_cert.p12. Reason: CERTIFICATE_NOT_YET_VALID
Error: Failed to connect to MDM 127.0.0.1:8611
Impact 

The user cannot admin log in to the PowerFlex system nodes using scli.

Cause

During PowerFlex resource group deployment, NTP was configured, however, due to a software code issue, nodes were not configured with NTP, resulting in an older date/time on the PowerFlex nodes.
 

Note: This issue is only seen when using CentOS 7 / Red Hat 7 OS image (image name: "DellEMC-PowerFlex-EmbeddedOS-7-x86_64.iso") during deployment but other OS images might be impacted.

Resolution

Configure the date/time or NTP manually on each PowerFlex node and retry logging in.

Steps to add the customer's internal NTP server details into chrony.conf

  1. Type the following command to enter the editor: 
    vi /etc/chrony.conf
  2. Use "I" key to enter Insert mode
  3. Use up arrow to navigate the cursor under the line "# Use public servers from the pool.ntp.org project."
  4. Press Enter to start a new line
  5. Type in the customer's NTP server details.
  6. Press esc to escape out of insert mode and then type " : wq"  to save and exit vi editor
  7. Use this command to check to make sure the new line is added: 
    cat /etc/chrony.conf | grep server
  8. Restart the chronyd service once you have verified that the NTP settings are correct. 
    systemctl restart chronyd
  9. Verify service restarted successfully: 
    systemctl status chronyd
  10. Once service is restarted successfully, check to make sure NTP is now showing connected. 
    chronyc tracking
  11. Once NTP shows that it is connected, retry the login 
    scli --login --management_system_ip [PFxM ingress IP] --username admin
Note: The above steps must be performed on all SDSs especially those with MDM roles, to ensure that they are able to connect to the certificates successfully.

Additional Information

Impacted Version

PowerFlex 4.x

Fixed In Version

PowerFlex 4.6.1

Article Properties
Article Number: 000223736
Article Type: Solution
Last Modified: 07 Oct 2025
Version:  6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.