NetWorker: authc-kommandoer mislykkes med "kan ikke finde en gyldig certificeringssti"

Samenvatting: authc_config- og authc_mgmt-kommandoer mislykkes i NetWorker og rapporterer " kunne ikke finde en gyldig certificeringssti til den anmodede destination".

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Symptomen

  • NetWorker-serveren implementeres på et selvstændigt (ikke-klyngebaseret) system.
  • NetWorker-godkendelseskommandoer (authc_config, authc_mgmt) mislykkedes med følgende fejl rapporteret:
[root@networker-mc bin]# authc_mgmt -u administrator -e find-all-users
Enter password: 
ERROR [main] (DefaultLogger.java:190) - Error executing command. Failure: I/O error on POST request for https://localhost:9090/auth-server/api/v1/sec/authenticate [localhost]: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

  • Dette problem opstår, uanset om der anvendes lokal NetWorker-godkendelse eller ekstern (LDAP)-godkendelse.

 

Oorzaak

Der er en uoverensstemmelse i signaturen af emcauthctomcat-certifikaterne. Emcahctomcat konfigureres som standard under networker-implementering. Dette certifikat findes tre steder:

Linux:

  • /nsr/authc/conf/authc.keystore
  • /opt/nsr/authc-server/conf/authc.truststore
  • /opt/nre/java/latest/lib/security/cacerts

 

Windows:

  • C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\conf\authc.keystore
  • C:\Program Files\EMC NetWorker\nsr\authc-server\conf\authc.truststore
  • C:\Program Files\NRE\java\jre#.#.#_###\lib\security\cacerts

 

[root@networker-mc bin]# ./keytool -list -keystore /opt/nre/java/latest/lib/security/cacerts -storepass changeit | grep -A1 emcauth 
emcauthctomcat, Oct 7, 2022, trustedCertEntry, 
Certificate fingerprint (SHA-256): 3B:18:1E:DF:39:ED:5B:4B:CF:9F:92:22:E8:D9:96:54:E0:21:A4:EB:06:D6:36:32:03:76:5E:CC:BA:B1:15:6B

[root@networker-mc bin]# ./keytool -list -keystore /opt/nsr/authc-server/conf/authc.truststore  | grep -A1 emcauthctom 
Enter keystore password:  
emcauthctomcat, Oct 7, 2022, trustedCertEntry, 
Certificate fingerprint (SHA-256): 3B:18:1E:DF:39:ED:5B:4B:CF:9F:92:22:E8:D9:96:54:E0:21:A4:EB:06:D6:36:32:03:76:5E:CC:BA:B1:15:6B

[root@networker-mc bin]# ./keytool -list -keystore /nsr/authc/conf/authc.keystore | grep -A1 emcauthctomcat
Enter keystore password: 
emcauthctomcat, Jun 29, 2022, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 93:97:0D:ED:DF:B1:73:62:D0:E1:95:C9:EB:67:3E:EE:4D:2E:55:9F:D7:9D:5E:FD:CE:81:E3:88:23:8E:0C:C9

 

Oplossing

Korriger certifikatuoverensstemmelsen.

  1. Opret en kopi af de eksisterende keystore-filer:
    Linux:

    • /nsr/authc/conf/authc.keystore
    • /opt/nsr/authc-server/conf/authc.truststore
    • /opt/nre/java/latest/lib/security/cacerts

    Windows:

    • C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\conf\authc.keystore
    • C:\Program Files\EMC NetWorker\nsr\authc-server\conf\authc.truststore
    • C:\Program Files\NRE\java\jre#.#.#_###\lib\security\cacerts

     

    BEMÆRK: Cacerts-filen findes i authc's konfigurerede JRE-forekomst. De stier, der vises ovenfor, er, når NetWorker Runtime Environment (NRE) installeres. Hvis Oracle Java JRE er installeret, ligger cacerts-filen i Java-installationsstien under .. \lib\security\cacerts.

  2. På NetWorker-serveren skal du åbne en administrator- eller rodkommandoprompt.

  3. Stop NetWorker-servertjenester:
    Linux: nsr_shutdown
    Windows: net stop nsrd

  4. Skift mappen til JRE \bin dir.

  5. Brug følgende kommandosyntaks til at slette emcauthctomcat-certifikaterne fra de keystore-placeringer, hvor der observeres uoverensstemmelse.

    Linux:
    ./keytool -delete -alias emcauthctomcat -keystore /path/to/keystore -storepass password

    Windows:
    keytool -delete -alias emcauthctomcat -keystore "C:\path\to\keystore" -storepass password

    BEMÆRK: Java keystore-adgangskoden, uanset om NRE eller Oracle jre, er ændring. Authc keystore er det brugerdefinerede keystore-adgangskodesæt, mens du bruger NetWorker-installationsguiden (Windows) eller /opt/nsr/authc-server/scripts/authc_configure.sh script (Linux).

Eksempel:

[root@networker-mc bin]# ./keytool -delete -alias emcauthctomcat -keystore /opt/nre/java/latest/lib/security/cacerts -storepass changeit  

[root@networker-mc bin]# ./keytool -delete -alias emcauthctomcat -keystore /opt/nsr/authc-server/conf/authc.truststore
Enter keystore password:  
[root@networker-mc bin]#

 

  1. Standard emcahctomcat-certifikatet skal være placeret på følgende placering:
    Linux: /nsr/authc/conf/emcauthctomcat.cer
    Windows: C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\conf\emcauthctomcat.cer

  2. Importer standard emcauthctomcat-certifikatet til nøglelagerplaceringerne:
    Linux:
    ./keytool -import -alias emcauthctomcat -keystore /path/to/keystore -storepass password -file /nsr/authc/conf/emcauthctomcat.cer

    Windows:
    keytool -import -alias emcauthctomcat -keystore "C:\path\to\keystore" -storepass password -file "C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\conf\emcauthctomcat.cer"

Eksempel:

[root@networker-mc bin]# ./keytool -import -alias emcauthctomcat -keystore /opt/nsr/authc-server/conf/authc.truststore  -file /nsr/authc/conf/emcauthctomcat.cer
Enter keystore password:  
Owner: CN=networker-mc.emclab.local, OU=NetWorker, O=DELL, L=Round Rock, ST=TX, C=US
Issuer: CN=networker-mc.emclab.local, OU=NetWorker, O=DELL, L=Round Rock, ST=TX, C=US
Serial number: bd1993a1
Valid from: Wed Jun 29 12:16:53 EDT 2022 until: Sun Jun 23 12:16:53 EDT 2047
Certificate fingerprints:
         SHA1: E8:7B:C8:DF:4D:24:57:C4:63:34:1F:E8:6D:AA:1F:84:79:61:92:26
         SHA256: 93:97:0D:ED:DF:B1:73:62:D0:E1:95:C9:EB:67:3E:EE:4D:2E:55:9F:D7:9D:5E:FD:CE:81:E3:88:23:8E:0C:C9
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 3072-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: localhost
  IPAddress: 127.0.0.1
  DNSName: networker-mc.emclab.local
]

Trust this certificate? [no]:  y
Certificate was added to keystore
[root@networker-mc bin]# ./keytool -import -alias emcauthctomcat -keystore /opt/nre/java/latest/lib/security/cacerts -file /nsr/authc/conf/emcauthctomcat.cer   
Enter keystore password:  
Certificate already exists in keystore under alias <emcnwuiserv>
Do you still want to add it? [no]:  y
Certificate was added to keystore

 

  1. Brug keytool -list for at bekræfte, at emcauthctomcat-signaturerne stemmer overens i hvert af nøglelagerne:
    Linux: ./keytool -list -keystore /path/to/keystore -storepass password | grep -A1 emcauth
    Windows: keytool -list -keystore "C:\path\to\keystore" -storepass password

  2. Start NetWorker-tjenester:
    Linux: systemctl start networker
    Windows: net start nsrd

  3. Forsøg at bruge en authc_config eller authc_mgmt Kommando:
    authc_config -u Administrator -e find-all-users

Eksempel:

[root@networker-mc bin]# authc_mgmt -u administrator -e find-all-users
Enter password: 
The query returns 2 records.
User Id User Name           
1000    administrator       
1001    svc_nmc_networker-mc

 

Getroffen producten

NetWorker

Producten

NetWorker Family, NetWorker Series
Artikeleigenschappen
Artikelnummer: 000204050
Artikeltype: Solution
Laatst aangepast: 30 apr. 2025
Versie:  5
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.