Data Domain:會顯示自我簽署 HTTPS 憑證,而非匯入的憑證
Summary: 在最近的 Data Domain 作業系統 (DDOS) 版本遇到 Data Domain 無法提供有效的外部簽署 HTTPS 憑證的問題。相反,它預設為自簽名。然後,系統會優先使用預設的自我簽署憑證。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
受影響的版本:
- DDOS 8.3.1.20
- DDOS 8.6.0.0
- DDOS 7.13.1.60
Cause
在憑證匯入程序期間,未正確設定註冊金鑰。
控制 DDOS 是否使用外部憑證的註冊金鑰為: config_master.comm.ext.selfsigned
您可以從 Data Domain 命令行介面檢查目前的值。
例如:
sysadmin@dd# reg show config_master.comm.ext.selfsigned
config_master.comm.ext.selfsigned = false
具有自我簽署憑證 (未匯入) 的 Data Domain 範例:
sysadmin@dd# adminaccess certificate show
Subject Type Application Valid From Valid Until Fingerprint
-------------------- ---- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd.local.machine host https Tue Jan 20 12:29:48 2026 Sat Feb 20 12:29:48 2027 80:91:75:9B:E2:B1:21:6F:FD:1D:47:E3:A2:C5:9D:99:F7:BD:AB:4A
dd.local.machine ca trusted-ca Thu Feb 20 12:29:48 2025 Wed Feb 19 12:29:48 2031 B6:19:D5:E3:F5:15:FB:B0:39:80:33:F9:A9:86:BE:93:DB:D7:CA:B0
-------------------- ---- ----------- ------------------------ ------------------------ -----------------------------------------------------------在此範例中 config_master.comm.ext.selfsigned 應該是 TRUE。
具有外部簽署憑證 (已匯入) 的 Data Domain 範例:
sysadmin@dd# adminaccess certificate show
Subject Type Application Valid From Valid Until Fingerprint
-------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd.local.machine host https* Tue Jan 20 12:29:48 2026 Sat Feb 20 12:29:48 2027 80:91:75:9B:E2:B1:21:6F:FD:1D:47:E3:A2:C5:9D:99:F7:BD:AB:4A
dd.local.machine ca trusted-ca Thu Feb 20 12:29:48 2025 Wed Feb 19 12:29:48 2031 B6:19:D5:E3:F5:15:FB:B0:39:80:33:F9:A9:86:BE:93:DB:D7:CA:B0
dd.local.machine imported-host https Tue Jan 20 18:00:00 2026 Sun Feb 21 17:59:59 2027 99:14:66:93:51:22:E3:B0:52:3A:29:09:50:EE:C9:F1:EB:23:B4:76
-------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
在此範例中 config_master.comm.ext.selfsigned 應該是 FALSE。
Resolution
正確的 Data Domain 登錄檔設定為:
-
如果正在使用 DD 自我簽署 HTTPS 憑證 ,則可使用
config_master.comm.ext.selfsigned值必須設為 TRUE。 -
如果已匯入 外部簽署的 HTTPS 憑證 ,則
config_master.comm.ext.selfsigned必須設為 FALSE。
如果您目前的組態如上所示: adminaccess certificate show 不符合 registry value,打開支援票證並參考本文。
Additional Information
https://jira.cec.lab.emc.com/browse/DDOSCFD-29328https://jira.cec.lab.emc.com/browse/DDOSCFD-29834
Affected Products
Data DomainArticle Properties
Article Number: 000431698
Article Type: Solution
Last Modified: 03 Mar 2026
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.