PowerFlex 3.X: 簡報伺服器的 Web UI 無法載入
Summary: 簡報伺服器的 Web UI 無法載入,因為憑證中有多個主旨替代名稱 (SAN) 副檔名。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
演示伺服器服務啟動,但網頁無法載入初始登錄螢幕。
[root@host1 .config]# systemctl status mgmt-server.service
● mgmt-server.service - Scaleio MGMT Server
Loaded: loaded (/etc/systemd/system/mgmt-server.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-1-09 05:30:03 EST; 11s ago
Main PID: 29700 (java)
CGroup: /system.slice/mgmt-server.service
└─29700 /bin/java -Xmx4g -Dlog4j2.formatMsgNoLookups=true -Djna.tmpdir=/opt/emc/scaleio/mgmt-server/tmp -Djava.io.tmpdir=/opt/emc/scaleio/mg...
Dec 09 05:30:08 host1 java[29700]: at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320)
...
Dec 09 05:30:08 host1 java[29700]: at java.lang.Thread.run(Thread.java:750)
簡報伺服器記錄會顯示下列錯誤:
/opt/emc/scaleio/mgmt-server/logs/scaleio.log:
Suppressed: com.google.common.util.concurrent.ServiceManager$FailedService: HttpdService [FAILED]
Caused by: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1288)
at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1270)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:372)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:243)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.server.Server.doStart(Server.java:401)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at com.emc.vxflexos.webui.backend.httpd.HttpdService.startUp(HttpdService.java:31)
at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62)
at com.google.common.util.concurrent.Callables$4.run(Callables.java:119)
at java.lang.Thread.run(Thread.java:750)
執行下列命令,以確認簡報伺服器是否使用多個 SAN 項目。這可以針對客戶要續約或更換且有多個 SAN 延伸裝置項目的憑證執行。
[root@host1 /]# openssl x509 -noout -text -in <location_of_new_signed_cert> | grep -A1 -i 'Subject Alternative Name'
X509v3 Subject Alternative Name:
DNS:host1, DNS:host1.
影響
若無法載入管理伺服器的 Web UI,將無法透過使用者介面 (UI) 管理 PowerFlex 叢集。這會降低 PowerFlex 系統的易用管理和操作性。
Cause
當 Jetty 架構,特別是基類別 org.eclipse.jetty.util.ssl.SslContextFactory 嘗試處理金鑰庫中的多個證書,該操作並非旨在處理。實質上,受影響的演示文稿伺服器版本無法管理包含多個使用者備用名稱 (SAN) 擴展條目的證書,這會導致它在遇到此類證書時失敗。
Resolution
- 使用僅包含單個使用者備用名稱 (SAN) 擴展項的證書。這符合 mgmt-server 目前的限制,應可正常運作。
- 將 mgmt-server 升級至 3.6.1 版。此版本包括對多個 SAN 擴展條目的改進支援,減少了調整證書的需要。
受影響的版本
PowerFlex 3.5.x
PowerFlex 3.6.0.x
已修正問題的版本
PowerFlex 3.6.1
Article Properties
Article Number: 000215758
Article Type: Solution
Last Modified: 10 Dec 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.