Connectrix:Bシリーズ: 期限切れのHTTPS証明書が原因でスイッチ ステータスが限界に達している
Resumo: 期限切れのHTTPS証明書は、スイッチ ステータスのMAPSアラートをトリガーし、ステータスをマージナルに設定します。
Este artigo aplica-se a
Este artigo não se aplica a
Este artigo não está vinculado a nenhum produto específico.
Nem todas as versões do produto estão identificadas neste artigo.
Sintomas
MAPS出力から:
mapsdb --show 2 Switch Health Report: ======================= Current Switch Policy Status: MARGINAL Contributing Factors: --------------------- *EXPIRED_CERTS (MARGINAL). SwitchA:admin> seccertmgmt show -all ssh private key: Does not Exist ssh public keys available for users: None Certificate Files: -------------------------------------------------------------------------------------------------------------------- Protocol Client CA Server CA SW CSR PVT Key Passphrase -------------------------------------------------------------------------------------------------------------------- FCAP Empty NA Empty Empty Empty Empty RADIUS Empty Empty Empty Empty Empty NA LDAP Empty Empty Empty Empty Empty NA SYSLOG Empty Empty Empty Empty Empty NA HTTPS NA Empty Exist Empty Exist NA KAFKA NA Empty NA NA NA NA ASC NA Empty NA NA NA NA
Causa
この問題は、HTTPS証明書の有効期限が切れているために発生し、更新する必要があります。
SwitchA:FID128:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Period Of Validity Begins On Mar 23 12:05:31 2021 GMT Expires On Mar 23 12:05:31 2023 GMT Certificate expiry date is Mar 23 12:05:31 2023 GMTエラー ダンプから:
2023/03/22-23:59:35, [MAPS-1020], 549, FID 128, WARNING, SwitchA, Switch wide status has changed from HEALTHY to MARGINAL.
Resolução
自己署名HTTPS証明書を生成します。
- 次のコマンドを使用して、証明書がアップデートされているかどうかを確認します。
seccertmgmt show -cert https
- 証明書がアップデートされると、スイッチのステータスが正常に戻るまで最大24時間かかる場合があります。
- スイッチのステータスが正常に変更されていない場合は、「hafailover」または「hareboot」の実行を検討してください。
SwitchA:admin> seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha256 -years 2 Generating a new certificate will do the following 1. Delete existing switch certificate(s). 2. Disable secure protocol HTTPS Warning: Certificate generation is CPU intensive and can cause high CPU usage Continue (yes, y, no, n): [no] y Generating ... ...Generated self-signed https certificate successfully. switchA:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Period Of Validity Begins On Nov 9 10:02:22 2023 GMT Expires On Nov 8 10:02:22 2025 GMT >> Certificate Updated
Produtos afetados
Connectrix B-SeriesPropriedades do artigo
Número do artigo: 000220191
Tipo de artigo: Solution
Último modificado: 02 set. 2025
Versão: 2
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.