Data Domain:显示自签名 https 证书,而不是导入的证书
Summary: 最近的 Data Domain作系统 (DDOS) 版本遇到 Data Domain 无法提供有效的外部签名 HTTPS 证书的问题。相反,它默认为自签名。然后,系统会优先处理默认自签名证书。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
受影响的版本:
- DDOS 8.3.1.20
- DDOS 8.6.0.0
- DDOS 7.13.1.60
Cause
在证书导入过程中未正确设置注册密钥。
用于控制 DDOS 是否使用外部证书的注册密钥为: config_master.comm.ext.selfsigned
您可以从 Data Domain 命令行界面检查当前值。
例如:
sysadmin@dd# reg show config_master.comm.ext.selfsigned
config_master.comm.ext.selfsigned = false
具有自签名证书的 Data Domain 示例(未导入):
sysadmin@dd# adminaccess certificate show
Subject Type Application Valid From Valid Until Fingerprint
-------------------- ---- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd.local.machine host https Tue Jan 20 12:29:48 2026 Sat Feb 20 12:29:48 2027 80:91:75:9B:E2:B1:21:6F:FD:1D:47:E3:A2:C5:9D:99:F7:BD:AB:4A
dd.local.machine ca trusted-ca Thu Feb 20 12:29:48 2025 Wed Feb 19 12:29:48 2031 B6:19:D5:E3:F5:15:FB:B0:39:80:33:F9:A9:86:BE:93:DB:D7:CA:B0
-------------------- ---- ----------- ------------------------ ------------------------ -----------------------------------------------------------在本示例中 config_master.comm.ext.selfsigned 应该是 TRUE。
具有外部签名证书的 Data Domain 示例(已导入):
sysadmin@dd# adminaccess certificate show
Subject Type Application Valid From Valid Until Fingerprint
-------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd.local.machine host https* Tue Jan 20 12:29:48 2026 Sat Feb 20 12:29:48 2027 80:91:75:9B:E2:B1:21:6F:FD:1D:47:E3:A2:C5:9D:99:F7:BD:AB:4A
dd.local.machine ca trusted-ca Thu Feb 20 12:29:48 2025 Wed Feb 19 12:29:48 2031 B6:19:D5:E3:F5:15:FB:B0:39:80:33:F9:A9:86:BE:93:DB:D7:CA:B0
dd.local.machine imported-host https Tue Jan 20 18:00:00 2026 Sun Feb 21 17:59:59 2027 99:14:66:93:51:22:E3:B0:52:3A:29:09:50:EE:C9:F1:EB:23:B4:76
-------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
在本示例中 config_master.comm.ext.selfsigned 应该是 FALSE。
Resolution
正确的 Data Domain 注册表设置是:
-
如果使用的是 DD 自签名 HTTPS 证书 ,则
config_master.comm.ext.selfsignedvalue 必须设置为 TRUE。 -
如果已导入 外部签名的 HTTPS 证书 ,则
config_master.comm.ext.selfsigned必须设置为 FALSE。
如果您当前的配置如上所示: adminaccess certificate show 与 registry value,打开支持票证并引用本文。
Additional Information
https://jira.cec.lab.emc.com/browse/DDOSCFD-29328https://jira.cec.lab.emc.com/browse/DDOSCFD-29834
Affected Products
Data DomainArticle Properties
Article Number: 000431698
Article Type: Solution
Last Modified: 03 Mar 2026
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.