NetWorker:NMC 伺服器版本變更後,NMC 無法驗證憑證。

Summary: Linux 主機上的 NetWorker Management Console (NMC) 軟體已更新。執行升級之後。NMC 的 GST 服務未啟動並報告證書驗證錯誤。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

  • Linux NetWorker Management Console (NMC) 伺服器套件已升級。
  • 可使用 nmc_config 編寫使用現有 (ue) 證書,已指定。
  • 可使用 nmc_config 指令檔報告以下錯誤:
[root@NMCxxx ~]# /opt/lgtonmc/bin/nmc_config
The embedded web server inside the NMC server must run as a non-root user.
EMC recommends that you specify a user that has limited privileges and
file access permissions. Default user name used is 'nsrnmc'.

Do you want to create new(cn) certificate or use existing(ue) certificate [ue]? ue

Do you want to use "/nsr/certs/certxxx.pem" certificate file & "/nsr/certs/privatekey.key" key file [y]? y

ERROR: Key file "/nsr/certs/privatekey.key" does not correspond to certificate file "/nsr/certs/certxxx.pem".
  • 可使用 /opt/lgtonmc/logs/Install.log 如下所示
Validation Failed, Configuration can not retained during upgrade.
Please run /opt/lgtonmc/bin/nmc_config after rpm installation.
Changing the ownership of /nsr/nmc/nmcdb to nsrnmc
** running: /opt/lgtonmc/bin/gstconfig -r
Reading private key from /nsr/certs/privatekey.key
Reading certificate from /nsr/certs/certxxx.pem
187258:gstconfig: Error while verifying certificate, error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length .
Error in comssl_verify_cert_and_privkeyReading private key from /nsr/certs/privatekey.key
187257:gstconfig: Could not read the private key.
187258:gstconfig: Error while verifying certificate, error:0906D06C:PEM routines:PEM_read_bio:no start line .
** running: /opt/lgtonmc/bin/gstconfig -c

Cause

讀取私鑰時,「使用現有」選項無法驗證簽名;原因尚未確定。

Resolution

  1. 在 NMC 伺服器上開啟根殼層,然後執行 /opt/lgtonmc/bin/nmc_config 腳本;但是,請指定建立新 (cn):
[root@NMCxxx certs]# /opt/lgtonmc/bin/nmc_config
NOTE
====
Install has detected the configuration file of a previous lgtonmc
package. Install will attempt to read the configuration parameters
in this file and present them as default values where appropriate.
Please modify any value that is incorrect or needs to be changed.
The embedded web server inside the NMC server must run as a non-root user.
EMC recommends that you specify a user that has limited privileges and
file access permissions. Default user name used is 'nsrnmc'.

Do you want to create new(cn) certificate or use existing(ue) certificate [ue]? cn
Creating new certificate for https configuration.

Specify the directory to use for the LGTOnmc database [/nsr/nmc/nmcdb]:
A database already exists in /nsr/nmc/nmcdb, do you want to retain this database [y]?
Specify the host name of the NetWorker Authentication Service host [Authxxx.FQDN]:
Start the NMC server daemons at end of the configuration [y]? SEE BELOW POINT BEFORE CHOOSING Y/N
Creating the installation log in /opt/lgtonmc/logs/install.log.
Performing initialization. Please wait...

The installation completed successfully.
  • 開始使用 GST 服務之前,請考慮下列事項:
    • 如果您先前使用的是由 nmc_config。您可以使用新生成的。在此情況下,請輸入 y 在指令檔完成後啟動 NMC 伺服器的 GST 服務。不需要執行進一步的步驟。
    • 如果您先前已將自我簽署憑證更換為 CA 簽署憑證,請輸入 n ,然後繼續執行以下步驟。
  1. 使用文字編輯器開啟 httpd.conf 檔案,以指定先前使用的憑證: vi /opt/lgtonmc/apache/conf/httpd.conf
    1. 搜尋 SSLCertificatefile 並指定以前使用的證書檔的完整路徑。
    2. 搜尋 SSLCertificateKeyfile 並指定以前使用的金鑰檔的完整路徑。
    3. 儲存檔案。
  2. 啟動 NetWorker 和 GST 服務: systemctl start gst
  3. 監視 /opt/lgtonmc/logs/gstd.raw 對於錯誤。

NetWorker:如何使用nsr_render_log呈現.raw紀錄檔

Additional Information

注意:如果在還原至先前的 CA 簽署憑證和金鑰後,問題仍然存在。驗證所使用的檔案,或參閱下列項目以匯入新的憑證和金鑰:NetWorker:如何匯入或更換 NMC 的認證授權單位簽署憑證

Affected Products

NetWorker, NetWorker Management Console

Products

NetWorker Family
Article Properties
Article Number: 000200619
Article Type: Solution
Last Modified: 09 Jan 2026
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.