Connectrix: B-Serie: Abgelaufene HTTPS-Zertifikate verursachen Switch-Status marginal
Riepilogo: Abgelaufene HTTPS-Zertifikate lösen MAPS-Warnmeldungen für den Switch-Status aus und setzen den Status auf Marginal.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Sintomi
Aus MAPS-Ausgaben:
mapsdb --show 2 Switch Health Report: ======================= Current Switch Policy Status: MARGINAL Contributing Factors: --------------------- *EXPIRED_CERTS (MARGINAL). SwitchA:admin> seccertmgmt show -all ssh private key: Does not Exist ssh public keys available for users: None Certificate Files: -------------------------------------------------------------------------------------------------------------------- Protocol Client CA Server CA SW CSR PVT Key Passphrase -------------------------------------------------------------------------------------------------------------------- FCAP Empty NA Empty Empty Empty Empty RADIUS Empty Empty Empty Empty Empty NA LDAP Empty Empty Empty Empty Empty NA SYSLOG Empty Empty Empty Empty Empty NA HTTPS NA Empty Exist Empty Exist NA KAFKA NA Empty NA NA NA NA ASC NA Empty NA NA NA NA
Causa
Dieses Problem wird dadurch verursacht, dass das HTTPS-Zertifikat abläuft und erneuert werden muss.
SwitchA:FID128:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Period Of Validity Begins On Mar 23 12:05:31 2021 GMT Expires On Mar 23 12:05:31 2023 GMT Certificate expiry date is Mar 23 12:05:31 2023 GMTAus Err Dump:
2023/03/22-23:59:35, [MAPS-1020], 549, FID 128, WARNING, SwitchA, Switch wide status has changed from HEALTHY to MARGINAL.
Risoluzione
Erzeugen Sie ein selbstsigniertes HTTPS-Zertifikat.
- Überprüfen Sie mit dem folgenden Befehl, ob das Zertifikat aktualisiert wurde.
seccertmgmt show -cert https
- Nachdem das Zertifikat aktualisiert wurde, kann es bis zu 24 Stunden dauern, bis sich der Switchstatus wieder in Fehlerfrei ändert.
- Erwägen Sie die Durchführung von "Hafailover" oder "Hareboot", wenn der Switch-Status nicht in fehlerfrei geändert wird.
SwitchA:admin> seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha256 -years 2 Generating a new certificate will do the following 1. Delete existing switch certificate(s). 2. Disable secure protocol HTTPS Warning: Certificate generation is CPU intensive and can cause high CPU usage Continue (yes, y, no, n): [no] y Generating ... ...Generated self-signed https certificate successfully. switchA:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Period Of Validity Begins On Nov 9 10:02:22 2023 GMT Expires On Nov 8 10:02:22 2025 GMT >> Certificate Updated
Prodotti interessati
Connectrix B-SeriesProprietà dell'articolo
Numero articolo: 000220191
Tipo di articolo: Solution
Ultima modifica: 02 set 2025
Versione: 2
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.