Connectrix: B 시리즈: 만료된 HTTPS 인증서로 인해 스위치 상태가 미미한 상태 발생
Zhrnutie: HTTPS 인증서가 만료되면 스위치 상태에 대한 MAPS 알림이 트리거되고 상태가 심각하지 않음으로 설정됩니다.
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Symptómy
MAPS 출력에서:
mapsdb --show 2 Switch Health Report: ======================= Current Switch Policy Status: MARGINAL Contributing Factors: --------------------- *EXPIRED_CERTS (MARGINAL). SwitchA:admin> seccertmgmt show -all ssh private key: Does not Exist ssh public keys available for users: None Certificate Files: -------------------------------------------------------------------------------------------------------------------- Protocol Client CA Server CA SW CSR PVT Key Passphrase -------------------------------------------------------------------------------------------------------------------- FCAP Empty NA Empty Empty Empty Empty RADIUS Empty Empty Empty Empty Empty NA LDAP Empty Empty Empty Empty Empty NA SYSLOG Empty Empty Empty Empty Empty NA HTTPS NA Empty Exist Empty Exist NA KAFKA NA Empty NA NA NA NA ASC NA Empty NA NA NA NA
Príčina
이 문제는 HTTPS 인증서 만료로 인해 발생하며 갱신해야 합니다.
SwitchA:FID128:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = Brocade organizationalUnitName = Eng commonName = xx.xx.xx.xx Period Of Validity Begins On Mar 23 12:05:31 2021 GMT Expires On Mar 23 12:05:31 2023 GMT Certificate expiry date is Mar 23 12:05:31 2023 GMT오류 덤프에서:
2023/03/22-23:59:35, [MAPS-1020], 549, FID 128, WARNING, SwitchA, Switch wide status has changed from HEALTHY to MARGINAL.
Riešenie
자체 서명된 HTTPS 인증서를 생성합니다.
- 다음 명령을 사용하여 인증서가 업데이트되었는지 확인합니다.
seccertmgmt show -cert https
- 인증서가 업데이트되면 스위치 상태가 다시 정상으로 변경되는 데 최대 24시간이 걸릴 수 있습니다.
- 스위치 상태가 정상으로 변경되지 않은 경우 "hafailover" 또는 "hareboot" 수행을 고려하십시오.
SwitchA:admin> seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha256 -years 2 Generating a new certificate will do the following 1. Delete existing switch certificate(s). 2. Disable secure protocol HTTPS Warning: Certificate generation is CPU intensive and can cause high CPU usage Continue (yes, y, no, n): [no] y Generating ... ...Generated self-signed https certificate successfully. switchA:admin> seccertmgmt show -cert https Issued To countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Issued By countryName = US stateOrProvinceName = California localityName = San Jose organizationName = org organizationalUnitName = unit commonName = xx.xx.xx.xx Period Of Validity Begins On Nov 9 10:02:22 2023 GMT Expires On Nov 8 10:02:22 2025 GMT >> Certificate Updated
Dotknuté produkty
Connectrix B-SeriesVlastnosti článku
Číslo článku: 000220191
Typ článku: Solution
Dátum poslednej úpravy: 02 sep 2025
Verzia: 2
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.