NetWorker:NMC 服务器版本更改后,NMC 无法验证证书。
Summary: NetWorker Management Console (NMC) 软件在 Linux 主机上更新。执行升级后。NMC 的 GST 服务未启动并报告证书验证错误。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
- Linux NetWorker Management Console (NMC) 服务器软件包已升级。
- 而
nmc_config脚本选项以使用 Existing (ue) 证书,已指定。 - 而
nmc_config脚本报告以下错误:
[root@NMCxxx ~]# /opt/lgtonmc/bin/nmc_config
The embedded web server inside the NMC server must run as a non-root user.
EMC recommends that you specify a user that has limited privileges and
file access permissions. Default user name used is 'nsrnmc'.
Do you want to create new(cn) certificate or use existing(ue) certificate [ue]? ue
Do you want to use "/nsr/certs/certxxx.pem" certificate file & "/nsr/certs/privatekey.key" key file [y]? y
ERROR: Key file "/nsr/certs/privatekey.key" does not correspond to certificate file "/nsr/certs/certxxx.pem".
- 而
/opt/lgtonmc/logs/Install.log如下所示
Validation Failed, Configuration can not retained during upgrade.
Please run /opt/lgtonmc/bin/nmc_config after rpm installation.
Changing the ownership of /nsr/nmc/nmcdb to nsrnmc
** running: /opt/lgtonmc/bin/gstconfig -r
Reading private key from /nsr/certs/privatekey.key
Reading certificate from /nsr/certs/certxxx.pem
187258:gstconfig: Error while verifying certificate, error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length .
Error in comssl_verify_cert_and_privkeyReading private key from /nsr/certs/privatekey.key
187257:gstconfig: Could not read the private key.
187258:gstconfig: Error while verifying certificate, error:0906D06C:PEM routines:PEM_read_bio:no start line .
** running: /opt/lgtonmc/bin/gstconfig -cCause
“使用现有项”选项在读取私钥时无法验证签名;原因未确定。
Resolution
- 在 NMC 服务器上打开 root shell,然后运行
/opt/lgtonmc/bin/nmc_config脚本;但是,指定新建 (cn):
[root@NMCxxx certs]# /opt/lgtonmc/bin/nmc_config
NOTE
====
Install has detected the configuration file of a previous lgtonmc
package. Install will attempt to read the configuration parameters
in this file and present them as default values where appropriate.
Please modify any value that is incorrect or needs to be changed.
The embedded web server inside the NMC server must run as a non-root user.
EMC recommends that you specify a user that has limited privileges and
file access permissions. Default user name used is 'nsrnmc'.
Do you want to create new(cn) certificate or use existing(ue) certificate [ue]? cn
Creating new certificate for https configuration.
Specify the directory to use for the LGTOnmc database [/nsr/nmc/nmcdb]:
A database already exists in /nsr/nmc/nmcdb, do you want to retain this database [y]?
Specify the host name of the NetWorker Authentication Service host [Authxxx.FQDN]:
Start the NMC server daemons at end of the configuration [y]? SEE BELOW POINT BEFORE CHOOSING Y/N
Creating the installation log in /opt/lgtonmc/logs/install.log.
Performing initialization. Please wait...
The installation completed successfully.
- 在开始消费税服务之前,请考虑以下事项:
-
- 如果您之前使用的是由 创建的默认自签名证书,则
nmc_config。您可以使用新生成的。在这种情况下,请输入y在脚本完成后启动 NMC 服务器的 GST 服务。无需执行进一步的步骤。 - 如果您之前已将自签名证书替换为 CA 签名证书,请输入
n,然后继续执行以下步骤。
- 如果您之前使用的是由 创建的默认自签名证书,则
- 使用文本编辑器打开
httpd.conf指定以前使用的证书的文件:vi /opt/lgtonmc/apache/conf/httpd.conf- 搜索
SSLCertificatefile并指定以前使用的证书文件的完整路径。 - 搜索
SSLCertificateKeyfile并指定以前使用的密钥文件的完整路径。 - 保存文件。
- 搜索
- 启动 NetWorker 和 GST 服务:
systemctl start gst - 监控
/opt/lgtonmc/logs/gstd.raw对于错误。
Additional Information
提醒:如果在恢复到以前的 CA 签名证书和密钥后问题仍然存在。验证用于导入新证书和密钥的文件或参阅以下文章:NetWorker:如何导入或更换 NMC 的证书颁发机构签名证书
Affected Products
NetWorker, NetWorker Management ConsoleProducts
NetWorker FamilyArticle Properties
Article Number: 000200619
Article Type: Solution
Last Modified: 09 Jan 2026
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.