NVE: upgrade fails at step 40 of 48 with error: An error occurred when reading the current certificate

Summary: NetWorker Virtual Edition (NVE) upgrade fails at 40 of 48)|ERROR: Action::RegenerateCertSha512::Task::do An error occurred when reading the current certificate - operation failed.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

NVE upgrade fails at (40 of 48)

ERROR: Action::RegenerateCertSha512::Task::do An error occurred when reading the current certificate - operation failed

The NVE /data01/avamar/repo/temp/*/tmp/workflow.log reports:

+TZ|NVE_HOSTNAME|unknown|NveUpgrade|NW_VERSION|/space/avamar/repo/temp/NveUpgrade-NW_VERSION.avp_EPOCH_TIMESTAMP/tmp|action.regenerate-cert-sha512|Regenerates the server's default certificate used in Apache and changes the certificate's signature hash algorithm from SHA128 to SHA512. (40 of 48)|ERROR: Action::RegenerateCertSha512::Task::do An error occurred when reading the current certificate - operation failed YYYY-MM-DD HH:mm:SS
(+TZ) 46945947196060 ERROR: An error occurred when reading the current certificate - operation failed YYYY-MM-DD HH:mm:SS 
(+TZ) 46945947196060 INFO: post: An error occurred when reading the current certificate - operation failed YYYY-MM-DD HH:mm:SS
(+TZ) 46945947196060 INFO: ---------- END Action::RegenerateCertSha512::Task::do ------------ -- > IT seems it is missing the file "No such file or directory:bss_file.c:406:fopen('/etc/apache2/ssl.crt/server.crt','r')

Cause

Apache2 SSL key pair is broken.

Resolution

  1. Open an SSH session to the NVE and login as admin.
  2. Switch to root:
sudo su -
  1. Check to see if the /etc/apache2/ssl.key and /etc/apache2/ssl.crt/ exist.
ls -ltr /etc/apache2/ssl.key
ls -ltr /etc/apache2/ssl.crt

If the directories do not exist:

mkdir -p /etc/apache2/ssl.key
mkdir -p /etc/apache2/ssl.crt

If the directories exist and contain a certificate and key:

mkdir /root/apache_certs_$(date -I)
mv /etc/apache2/ssl.key/server.key /root/apache_certs_$(date -I)/server.key
mv /etc/apache2/ssl.crt/server.crt /root/apache_certs_$(date -I)/server.crt
  1. Use the openssl tool to create a new key pair
openssl req -x509 -sha512 -nodes -days 1825 -newkey rsa:2048 -keyout /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.crt/server.crt
The below example shows the default values used in the original certificate. The only user-specific value is the NVE hostname: 
nve:~ # openssl req -x509 -sha512 -nodes -days 1825 -newkey rsa:2048 -keyout /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.crt/server.crt
Generating a 2048 bit RSA private key
writing new private key to '/etc/apache2/ssl.key/server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Irvine
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dell Technologies
Organizational Unit Name (eg, section) []:Dell EMC
Common Name (e.g. server FQDN or YOUR name) []:nve.networker.lan
Email Address []:root

nve:~ # openssl x509 -in /etc/apache2/ssl.crt/server.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e3:1e:05:82:ad:1e:5b:32
    Signature Algorithm: sha512WithRSAEncryption
        Issuer: C=US, ST=California, L=Irvine, O=Dell Technologies, OU=Dell EMC, CN=nve.networker.lan/emailAddress=root
        Validity
            Not Before: Feb 12 15:10:51 2026 GMT
            Not After : Feb 11 15:10:51 2031 GMT
        Subject: C=US, ST=California, L=Irvine, O=Dell Technologies, OU=Dell EMC, CN=nve.networker.lan/emailAddress=root
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b3:23:ce:33:e0:12:ed:3f:f3:54:18:17:a3:57:
                    ... removed for brevity ...
                    8e:95:95:b5:7c:01:72:1d:22:59:06:e2:f9:20:d4:
                    bd:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:6F:D9:12:46:AF:4E:C6:4E:E2:E6:09:2D:C3:1F:F4:F2:9D:E9:24
            X509v3 Authority Key Identifier:
                keyid:52:6F:D9:12:46:AF:4E:C6:4E:E2:E6:09:2D:C3:1F:F4:F2:9D:E9:24

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha512WithRSAEncryption
         92:e3:12:fd:23:20:76:ba:a6:01:96:56:d9:75:6f:2a:64:3e:
         ... removed for brevity ...
         08:07:ff:e0:64:cc:eb:28:fd:6e:5f:e1:15:bc:15:dd:02:dd:
         2f:26:f9:0c
  1. Set the correct permissions and ownership on the files:
chmod 644 /etc/apache2/ssl.crt/server.crt
chown wwwrun:www /etc/apache2/ssl.key/server.key
Completed files: 
nve:~ # ls -ltr /etc/apache2/ssl.crt/server.crt
-rw-r--r-- 1 root root 1440 Feb 12 16:10 /etc/apache2/ssl.crt/server.crt
nve:~ # ls -ltr /etc/apache2/ssl.key/server.key
-rw------- 1 wwwrun www 1704 Feb 12 16:10 /etc/apache2/ssl.key/server.key
  1. From the NetWorker Installation Manager web UI, continue the upgrade by clicking Issue resolved and Retry current task.

Additional Information

NetWorker Virtual Edition: Upgrade or Install Failure Log Locations and Collection

Affected Products

NetWorker
Article Properties
Article Number: 000191546
Article Type: Solution
Last Modified: 12 Feb 2026
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.