Connectrix Brocade B-Series: HTTPS service disabled due to Invalid certificate
Summary: HTTPS service disabled due to Invalid certificate
Symptoms
Upgrade from 8.0.2d to 8.1.2f.
After upgrading to FOS 8.1.x or later, HTTPS is disabled and the following message is logged. The switch is no longer accessible via HTTPS, and attempts to re-import the existing signed HTTPS certificate or a new certificate produce the same message:
[SEC-3075], 12286/1374, CHASSIS, INFO, <Switchname>, Event: Web Handler, HTTPS SERVICE DISABLED, Info: Invalid certificate, webdhttp.c, line: 640, comp:webd, ltime:2019/06/11-18:40:13:725262
Possible additional symptoms from a management perspective:
- CMCNE using HTTPS can no longer discover the switch(es).
- Changing the password of the switch in the CMCNE discovery screen reports an error:
  Username/Password update failed. Reason: connection was refused by switch.
- Rediscovering the switches fails with:
  Connection timed out.
Cause
The cause is a FOS security enhancement introduced in FOS v8.1. According to Brocade's Fabric OS v8.1.2f release notes, when upgrading to FOS 8.1.0b or later with HTTPS enabled, administrators must have the Certificate Authority (CA), intermediate, and root certificates installed so that certificate chain validation succeeds. HTTPS is disabled in FOS v8.1.0b or later if the certificate chain validation fails.
To verify that the CA certificate is correct and that CA chain validation succeeds, run the following command on a Linux server: # openssl verify -CAfile ca.pem servercert.pem
Broadcom KB article #13013 can also be referenced.
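The following is an added example, not part of the KB article or of FOS: it constructs a throwaway root/intermediate/server chain with openssl (all names are placeholders) and runs the same openssl verify check as above, once with a root-only CA file and once with the complete chain that FOS requires.

```sh
#!/bin/sh
# Added example, not from the KB: construct a throwaway root -> intermediate -> server
# chain with openssl and run the article's `openssl verify -CAfile` check, once with a
# root-only CA file (incomplete chain) and once with the complete chain.
set -eu
work="$(mktemp -d)"
trap 'rm -rf "$work"' EXIT
cd "$work"

# Extension profiles for the constructed CA and server certificates
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\n' > server.ext

# new_csr NAME CN: fresh RSA key plus CSR; the subject names are placeholders
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

new_csr root "Constructed Root CA"
openssl x509 -req -in root.csr -signkey root.key -days 2 \
  -extfile ca.ext -out root.pem 2>/dev/null
new_csr inter "Constructed Intermediate CA"
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -days 2 -extfile ca.ext -out inter.pem 2>/dev/null
new_csr server "switch.example.invalid"
openssl x509 -req -in server.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
  -days 2 -extfile server.ext -out servercert.pem 2>/dev/null

# verify_chain CAFILE: the article's check; exit status 0 means the chain validates
verify_chain() { openssl verify -CAfile "$1" servercert.pem >/dev/null 2>&1; }

cp root.pem ca_root_only.pem                  # root only: the intermediate is missing
cat inter.pem root.pem > ca_full_chain.pem    # complete chain, as FOS requires

for cafile in ca_root_only.pem ca_full_chain.pem; do
  if verify_chain "$cafile"; then
    echo "$cafile: chain validation succeeded"
  else
    echo "$cafile: chain validation FAILED (HTTPS would stay disabled)"
  fi
done
```

The root-only file fails with "unable to get local issuer certificate", which is the condition that leaves HTTPS disabled on the switch; the concatenated intermediate-plus-root file validates.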
Resolution
Import the CA certificate of the CA that signed the existing certificate, using the following command: # seccertmgmt import -ca -server https -certname <cert_name>
Note: The CA certificate must contain the complete chain that was used to sign the HTTPS certificate. Additional information on this requirement is noted in the FOS 8.2.0 Administrator's Guide under "Creating a complete chain of CA certificates".
Once the CA certificate is successfully imported, the switch automatically re-enables HTTPS and logs: 2018/07/10-05:39:24, [WEBD-1004], 2232, FID 128, INFO, sw0, HTTP server and weblinker process will be restarted due to configuration change.