PowerFlex 3.X: 演示服务器的 Web UI 无法加载
Summary: 由于证书中存在多个使用者备用名称 (SAN) 扩展名,Presentation Server 的 Web UI 无法加载。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
演示服务器服务启动,但网页无法加载初始登录屏幕。
[root@host1 .config]# systemctl status mgmt-server.service
● mgmt-server.service - Scaleio MGMT Server
Loaded: loaded (/etc/systemd/system/mgmt-server.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-1-09 05:30:03 EST; 11s ago
Main PID: 29700 (java)
CGroup: /system.slice/mgmt-server.service
└─29700 /bin/java -Xmx4g -Dlog4j2.formatMsgNoLookups=true -Djna.tmpdir=/opt/emc/scaleio/mgmt-server/tmp -Djava.io.tmpdir=/opt/emc/scaleio/mg...
Dec 09 05:30:08 host1 java[29700]: at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320)
...
Dec 09 05:30:08 host1 java[29700]: at java.lang.Thread.run(Thread.java:750)
演示服务器日志显示以下错误:
/opt/emc/scaleio/mgmt-server/logs/scaleio.log:
Suppressed: com.google.common.util.concurrent.ServiceManager$FailedService: HttpdService [FAILED]
Caused by: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1288)
at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1270)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:372)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:243)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.server.Server.doStart(Server.java:401)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at com.emc.vxflexos.webui.backend.httpd.HttpdService.startUp(HttpdService.java:31)
at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62)
at com.google.common.util.concurrent.Callables$4.run(Callables.java:119)
at java.lang.Thread.run(Thread.java:750)
运行以下命令以验证演示服务器是否使用多个 SAN 条目。这可以针对客户要续订或替换的具有多个 SAN 扩展条目的证书运行。
[root@host1 /]# openssl x509 -noout -text -in <location_of_new_signed_cert> | grep -A1 -i 'Subject Alternative Name'
X509v3 Subject Alternative Name:
DNS:host1, DNS:host1.
影响
加载 mgmt-server 的 Web UI 失败会导致无法通过用户界面 (UI) 管理 PowerFlex 群集。这会影响 PowerFlex 系统的管理和作的易用性。
Cause
当 Jetty 框架(特别是基类 org.eclipse.jetty.util.ssl.SslContextFactory 尝试在密钥库中处理多个证书,该作并非旨在处理。从本质上讲,受影响的演示服务器版本无法管理包含多个使用者备用名称 (SAN) 扩展条目的证书,这在遇到此类证书时会导致失败。
Resolution
- 使用仅包含单个使用者备用名称 (SAN) 扩展条目的证书。这与 mgmt-server 的当前限制一致,并且应该允许正常作。
- 将 mgmt-server 升级到版本 3.6.1。此版本包括对多个 SAN 扩展条目的改进支持,减少了调整证书的需要。
受影响的版本
PowerFlex 3.5.x
PowerFlex 3.6.0.x
已修复问题的版本
PowerFlex 3.6.1
Article Properties
Article Number: 000215758
Article Type: Solution
Last Modified: 10 Dec 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.