Avamar 19.3+: Goav Security Keystore shows and checks the status of the keystores and the lockbox, with an optional automatic fix
Summary: Use the Goav tool to display the contents of a keystore, or to check the health of all keystores on the Avamar system.
Instructions
Supported Avamar versions for this command set: 19.3+
Required GOAV version: 1.39+; version 1.50 or later is recommended
Download/install the Goav tool:
000192151 | Avamar: Goav tool
Notes
- The feature must be revalidated with every subsequent Avamar release.
- All goav security commands must be run as root.
Features
Show Keystore Contents
This command presents an interactive list from which you choose the keystore to print:
./goav security keystore show
This command prints all keystores to the screen:
./goav security keystore show --all
Check the Keystore and Lockbox configuration, with optional automatic fix
This command runs several health checks for all keystores on the Avamar system:
- Check that each keystore exists.
- Check the permissions and ownership of each keystore.
- Check the status of the lockbox keystore passphrase.
- Check that the lockbox passphrase and the keystore passphrase match.
- Check that each keystore has the correct format (PKCS12).
- Check that every required alias (certificate) is present in each keystore.
- Print a pass/fail summary with detailed problem messages.
./goav security keystore check-config
This command runs the same health checks for all keystores and then fixes the problems it finds automatically:
- Check that each keystore exists.
- Check the permissions and ownership of each keystore.
- Check the status of the lockbox keystore passphrase.
- Check that the lockbox passphrase and the keystore passphrase match.
- Check that each keystore has the correct format (PKCS12).
- Check that every required alias (certificate) is present in each keystore.
- Print a pass/fail summary with detailed problem messages.
- Automatically regenerate missing keystores.
- Automatically correct permissions and ownership.
- Automatically regenerate a keystore when the lockbox passphrase does not match the keystore passphrase.
- Back up the existing keystore before regenerating it.
- Automatically generate a keystore or a specific alias where needed.
- Update the MCSSL private key entry from the Java RMI keystore so that it is in sync with the avi and tomcat keystores.
- Restart the affected services.
./goav security keystore check-config --fix
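The passive part of check-config (existence, permissions, ownership and on-disk format) can be reproduced with nothing but the Python standard library. The script below is an added illustration and is not code from this article or from the Goav tool: the expected modes and owners are copied from the article's "Keystore Existence/Permissions Check" table, the JKS/PKCS12 detection is my own byte-level heuristic (the page does not document how goav detects the format), and the passphrase and alias checks are left out because they need the lockbox passphrase and a keytool/PKCS12 parser. It returns PROBLEM lines in the same shape as the goav summary, so a cron job or monitoring agent can act on them.

```python
"""Stdlib-only re-implementation of the passive keystore checks described above
(existence, permissions, ownership, on-disk format).  Added illustration, not
code from the Dell KB article or from the Goav tool; the byte-level format
heuristic is my own and is not necessarily what goav does.  Passphrase and
alias checks are deliberately omitted (they need the lockbox passphrase and a
PKCS12 parser such as keytool)."""
from __future__ import annotations

import grp
import os
import pwd
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class KeystoreSpec:
    """Expected state of one keystore, in the units goav prints."""
    name: str
    path: str
    mode: str   # 9-character rwx string, e.g. "rw-rw----"
    owner: str
    group: str


# Expected values copied from the article's
# "Keystore Existence/Permissions Check" table.
EXPECTED = [
    KeystoreSpec("RMI_SSL_KEYSTORE", "/usr/local/avamar/lib/rmi_ssl_keystore", "rw-rw----", "root", "admin"),
    KeystoreSpec("AVAMAR_KEYSTORE", "/usr/local/avamar/lib/avamar_keystore", "rw-rw----", "root", "admin"),
    KeystoreSpec("AVINSTALLER_KEYSTORE", "/usr/local/avamar/lib/avi/avi_keystore", "rw-r--r--", "avi", "avi"),
    KeystoreSpec("TOMCAT_KEYSTORE", "/home/admin/.keystore", "rwxr-----", "admin", "admin"),
]

JKS_MAGIC = b"\xfe\xed\xfe\xed"   # fixed header of a Java JKS keystore


def owner_names(st: os.stat_result) -> tuple[str, str]:
    """Resolve uid/gid to names the way `ls -l` does; fall back to the number
    when the id has no passwd/group entry (common inside containers)."""
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return owner, group


def detect_format(path: str) -> str:
    """Classify a keystore by its leading bytes: JKS starts with a fixed magic,
    a PKCS12 file is a DER SEQUENCE whose first element is INTEGER 3 (the PFX
    version).  Anything else is reported as Unknown, as goav does."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(JKS_MAGIC):
        return "JKS"
    if len(head) >= 2 and head[0] == 0x30:          # DER SEQUENCE tag
        length_byte = head[1]
        # short-form length fits in one byte; long form says how many follow
        offset = 2 if length_byte < 0x80 else 2 + (length_byte & 0x7F)
        if head[offset:offset + 3] == b"\x02\x01\x03":   # INTEGER 3
            return "PKCS12"
    return "Unknown"


def check_keystore(spec: KeystoreSpec) -> list[str]:
    """Run the passive checks for one keystore and return PROBLEM lines in the
    style of the goav summary; an empty list means the keystore is healthy."""
    problems: list[str] = []
    if not os.path.isfile(spec.path):
        # goav reports a missing keystore twice: existence and perms/ownership
        problems.append(f"PROBLEM: {spec.name} does not exist")
        problems.append(f"PROBLEM: {spec.name} ownership/permissions incorrect")
        return problems
    st = os.stat(spec.path)
    current_mode = stat.filemode(st.st_mode)[1:]     # drop the file-type char
    if current_mode != spec.mode or owner_names(st) != (spec.owner, spec.group):
        problems.append(f"PROBLEM: {spec.name} ownership/permissions incorrect")
    fmt = detect_format(spec.path)
    if fmt != "PKCS12":
        problems.append(f"PROBLEM: {spec.name} format {fmt}, expected PKCS12")
    return problems


def check_config(specs: list[KeystoreSpec] = EXPECTED) -> tuple[bool, list[str]]:
    """Check every keystore; return (overall_ok, all problem lines)."""
    problems = [line for spec in specs for line in check_keystore(spec)]
    return (not problems, problems)


if __name__ == "__main__":
    ok, found = check_config()
    print("*** PASS ***" if ok else "*** FAIL *** keystore check-config FAILED OVERALL")
    for line in found:
        print(line)
```

Run it as root on the Avamar utility node (the same requirement the page states for the goav commands), since the keystores are not readable by other users; a non-zero number of PROBLEM lines is the signal to run the real `check-config --fix`, which also performs the passphrase, alias and regeneration steps this script does not attempt.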
Examples
Show a keystore
root@ser-ave03:/home/admin/#: ./goav security keystore show
===========================================================
GoAv : 1.39
Avamar : 19.7
Date : 19 Oct 2022 10:28 MDT
===========================================================
NOTE: This is not an official tool
===========================================================
Use the arrow keys to navigate: ↓ ↑ → ←
Select Keystore to Print:
RMI_SSL_KEYSTORE
AVAMAR_KEYSTORE
→ AVINSTALLER_KEYSTORE
TOMCAT_KEYSTORE
Check the keystore configuration in passive mode
root@avmr-4400-rtp:/usr/local/avamar/lib/#: ~admin/goav security keystore check-config
===========================================================
GoAv : 1.49
Avamar : 19.4
Date : 17 Mar 2023 13:31 EDT
===========================================================
COMMAND : /home/admin/goav security keystore check-config
NOTE: This is not an official tool
===========================================================
Table: Keystore Existence/Permissions Check
-------------------------------------------
Name                   | Path                                   | Exists | Current Permissions   | Expected Permissions | Current Ownership     | Expected Ownership
-----------------------+----------------------------------------+--------+-----------------------+----------------------+-----------------------+---------------------
RMI_SSL_KEYSTORE       | /usr/local/avamar/lib/rmi_ssl_keystore | true   | rw-rw----             | rw-rw----            | root admin            | root admin
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | true   | rw-rw----             | rw-rw----            | root root             | root admin
AVINSTALLER_KEYSTORE   | /usr/local/avamar/lib/avi/avi_keystore | false  | emtpy: file not found | rw-r--r--            | empty: file not found | avi avi
TOMCAT_KEYSTORE        | /home/admin/.keystore                  | true   | rwxr-----             | rwxr-----            | admin admin           | admin admin

Task: Lockbox Passphrase Check
------------------------------
Keystore Passphrase (From Lockbox): changeme

Table: Lockbox/Keystore Passphrase Match
----------------------------------------
Name                   | Lockbox/Keystore Passphrase | Match
-----------------------+---------------------------------
RMI_SSL_KEYSTORE       | false
AVAMAR_KEYSTORE        | true
AVINSTALLER_KEYSTORE   | false
TOMCAT_KEYSTORE        | true

Keystore Format (JKS/PKCS12)
----------------------------
Name                   | Format
-----------------------+----------
RMI_SSL_KEYSTORE       | Unknown
AVAMAR_KEYSTORE        | PKCS12
AVINSTALLER_KEYSTORE   | Unknown
TOMCAT_KEYSTORE        | PKCS12

Table: Keystore Alias Check
---------------------------
Name                   | Path                                   | Alias     | Exists
-----------------------+----------------------------------------+-----------+---------
RMI_SSL_KEYSTORE       | /usr/local/avamar/lib/rmi_ssl_keystore | mcssl     | false
RMI_SSL_KEYSTORE       | /usr/local/avamar/lib/rmi_ssl_keystore | mcjwt     | false
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | mcecroot  | true
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | mcectls   | true
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | mcrsaroot | true
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | mcrsatls  | true
AVINSTALLER_KEYSTORE   | /usr/local/avamar/lib/avi/avi_keystore | tomcat    | false
AVINSTALLER_KEYSTORE   | /usr/local/avamar/lib/avi/avi_keystore | mcssl     | false
TOMCAT_KEYSTORE        | /home/admin/.keystore                  | tomcat    | false
TOMCAT_KEYSTORE        | /home/admin/.keystore                  | mcssl     | true

Summary
-------
*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: changeme is not the correct passphrase for keystore AVINSTALLER_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: AVINSTALLER_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcssl alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: mcssl alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE
Check the keystore configuration in active/auto-fix mode
root@avamar-rtp:/usr/local/avamar/lib/#: ~admin/goav security keystore check-config --fix
===========================================================
GoAv : 1.49
Avamar : 19.4
Date : 17 Mar 2023 13:32 EDT
===========================================================
COMMAND : /home/admin/goav security keystore check-config --fix
NOTE: This is not an official tool
===========================================================
Table: Keystore Existence/Permissions Check
-------------------------------------------
Name                   | Path                                   | Exists | Current Permissions   | Expected Permissions | Current Ownership     | Expected Ownership
-----------------------+----------------------------------------+--------+-----------------------+----------------------+-----------------------+---------------------
RMI_SSL_KEYSTORE       | /usr/local/avamar/lib/rmi_ssl_keystore | true   | rw-rw----             | rw-rw----            | root admin            | root admin
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | true   | rw-rw----             | rw-rw----            | root root             | root admin
AVINSTALLER_KEYSTORE   | /usr/local/avamar/lib/avi/avi_keystore | false  | emtpy: file not found | rw-r--r--            | empty: file not found | avi avi
TOMCAT_KEYSTORE        | /home/admin/.keystore                  | true   | rwxr-----             | rwxr-----            | admin admin           | admin admin

Task: Lockbox Passphrase Check
------------------------------
Keystore Passphrase (From Lockbox): changeme

Table: Lockbox/Keystore Passphrase Match
----------------------------------------
Name                   | Lockbox/Keystore Passphrase | Match
-----------------------+---------------------------------
RMI_SSL_KEYSTORE       | false
AVAMAR_KEYSTORE        | true
AVINSTALLER_KEYSTORE   | false
TOMCAT_KEYSTORE        | true

Keystore Format (JKS/PKCS12)
----------------------------
Name                   | Format
-----------------------+----------
RMI_SSL_KEYSTORE       | Unknown
AVAMAR_KEYSTORE        | PKCS12
AVINSTALLER_KEYSTORE   | Unknown
TOMCAT_KEYSTORE        | PKCS12

Table: Keystore Alias Check
---------------------------
Name                   | Path                                   | Alias     | Exists
-----------------------+----------------------------------------+-----------+---------
RMI_SSL_KEYSTORE       | /usr/local/avamar/lib/rmi_ssl_keystore | mcssl     | false
RMI_SSL_KEYSTORE       | /usr/local/avamar/lib/rmi_ssl_keystore | mcjwt     | false
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | mcecroot  | true
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | mcectls   | true
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | mcrsaroot | true
AVAMAR_KEYSTORE        | /usr/local/avamar/lib/avamar_keystore  | mcrsatls  | true
AVINSTALLER_KEYSTORE   | /usr/local/avamar/lib/avi/avi_keystore | tomcat    | false
AVINSTALLER_KEYSTORE   | /usr/local/avamar/lib/avi/avi_keystore | mcssl     | false
TOMCAT_KEYSTORE        | /home/admin/.keystore                  | tomcat    | false
TOMCAT_KEYSTORE        | /home/admin/.keystore                  | mcssl     | true

Summary
-------
*** FAIL *** keystore check-config FAILED OVERALL
PROBLEM: AVINSTALLER_KEYSTORE does not exist
PROBLEM: AVAMAR_KEYSTORE ownership/permissions incorrect
PROBLEM: AVINSTALLER_KEYSTORE ownership/permissions incorrect
PROBLEM: changeme is not the correct passphrase for keystore RMI_SSL_KEYSTORE
PROBLEM: changeme is not the correct passphrase for keystore AVINSTALLER_KEYSTORE
PROBLEM: RMI_SSL_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: AVINSTALLER_KEYSTORE format unknown, keystore might not be readable or passphrase mismatch
PROBLEM: mcssl alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: mcjwt alias does not exist in RMI_SSL_KEYSTORE
PROBLEM: tomcat alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: mcssl alias does not exist in AVINSTALLER_KEYSTORE
PROBLEM: tomcat alias does not exist in TOMCAT_KEYSTORE

************************
Task: Auto-Fix Keystores
************************
INFO: Begin fixing any keystore issues...
INFO: Renaming /usr/local/avamar/lib/rmi_ssl_keystore in order to regenerate...
INFO: Renamed /usr/local/avamar/lib/rmi_ssl_keystore to /usr/local/avamar/lib/x-rmi_ssl_keystore.bak
INFO: Renaming /usr/local/avamar/lib/rmi_ssl_keystore in order to regenerate succeeded
INFO: Regenerating RMI_SSL_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /usr/local/avamar/lib/rmi_ssl_keystore]
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
Enter key password for <mcjwt> (RETURN if same as keystore password):
[Storing /usr/local/avamar/lib/rmi_ssl_keystore]
INFO: RMI_SSL_KEYSTORE Successfully Regenerated
INFO: Please re-import any vcenter certificate if vcenter certificate authentication is used
INFO: RMI_SSL_KEYSTORE Permissions & Ownership Updated
INFO: Regenerating AVINSTALLER_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /usr/local/avamar/lib/avi/avi_keystore]
INFO: AVINSTALLER_KEYSTORE Successfully Regenerated
INFO: AVINSTALLER_KEYSTORE Permissions & Ownership Updated
INFO: Renaming /home/admin/.keystore in order to regenerate...
INFO: Renamed /home/admin/.keystore to /home/admin/x-.keystore.bak
INFO: Renaming /home/admin/.keystore in order to regenerate succeeded
INFO: Regenerating TOMCAT_KEYSTORE
Generating 3,072 bit RSA key pair and self-signed certificate (SHA512withRSA) with a validity of 3,650 days for: CN=avamar-rtp, OU=Avamar, O=DELL-EMC, L=Irvine, ST=California, C=US
[Storing /home/admin/.keystore]
INFO: TOMCAT_KEYSTORE Successfully Regenerated
INFO: TOMCAT_KEYSTORE Permissions & Ownership Updated
INFO: Updating mcssl certificate from rmi keystore to tomcat and avi keystore...
INFO: Updating mcssl certificate from rmi keystore to tomcat and avi keystore succeeded
INFO: Restarting MCS [======> ]
INFO: Restarting MCS succeeded
INFO: Restarting avinstaller service [==========> ]
INFO: Restarting avinstaller service succeeded
INFO: Restarting tomcat service [ ]
INFO: Restarting tomcat service succeeded
DONE