не заходит в usm после обновления

Ivan

Ivan

Случайный прохожий
Здравствуйте! В предыдущей версии обновился unisphere service manager и теперь не удается зайти на схд. Появляется ошибка сертификата:
Код: 
The specified system is not reachable or the certificate on the system could not be validated.
Что делать?:kaktus:
 
Последнее редактирование:
Ivan сказал(а):
Здравствуйте! В предыдущей версии обновился unisphere service manager и теперь не удается зайти на схд. Появляется ошибка
Код: 
сертификата: The specified system is not reachable or the certificate on the system could not be validated.
Что делать?:kaktus:
Нажмите, чтобы раскрыть...

попробуйте через браузер зайти по https
 
тогда получаю ошибку в браузере
err_ssl_server_cert_bad_format
 
сертификат старый, перевыпустите сертификат:

1. Go to http://slproweb.com/products/Win32OpenSSL.html, download openSSL, then install the kit.
2. Create 1024-bit private key;
Код: 
 C:\OpenSSL-Win32\bin>openssl genrsa -out testMD5.key 1024
3. Create the corresponding certificate request;
Код: 
 C:\OpenSSL-Win32\bin>openssl req -new -key testMD5.key -config "C:\OpenSSL-Win32\bin\openssl.cfg" -out testMD5.csr

Output:
WARNING: can't open config file: /usr/local/ssl/openssl.cnf * This can be ignored, not relevant to windows
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Massachusetts
Locality Name (eg, city) []:Southboro
Organization Name (eg, company) [Internet Widgits Pty Ltd]:EMC Corporation
Organizational Unit Name (eg, section) []:CLARiiON
Common Name (e.g. server FQDN or YOUR name) []:<SP IP address>
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:


4. Create the self-signed certificate with MD5 signature;
Код: 
 C:\OpenSSL-Win32\bin>openssl x509 -req -days 365 -in testMD5.csr -signkey testMD5.key -out testMD5.crt -md5
5. Package the key and certificate into a pfx file;
Код: 
 C:\OpenSSL-Win32\bin>openssl pkcs12 -export -out testMD5.pfx -inkey testMD5.key -in testMD5.crt

This will create a file named testMD5.pfx in the C:\OpenSSL-Win32\bin> directory which is used in the following command to upload the certificate to the SP:

Код: 
 naviseccli -h <SP IP address> security -pkcs12upload -file c:\OpenSSL-Win32\bin\testMD5.pfx -passphrase 123456
If the command is successful you should now be able to access Unisphere/setup page. A new self signed certificate should be generated from the SP setup page.
For more information on this, refer primus solution “emc315591”.
 
When you click on the details of the certificate you will find that the certificate "valid to": date has expired.

1. Change the time on your PC/Laptop "from time" to be between the certificate "Valid from:" and "Valid to:" time.
2. Connect via Unisphere to the System and sellect the SPA properties
3. Change the SPA time to the current local time.
4. Login as administrator user like sysadmin to the array via https://SPA_IP/setup.
5. Select "Manage SSL/TLS Certificate"

There are two possible scenarios here, either a self signed certificate is in use or a CA signed certificate is in use. The more common one is a self-signed certificate but either way works depending on the needs of the environment and whether or not there is a valid CA server that can sign the CSR generated in unisphere.

(Option 1)
Generate a self-signed certificate(See KB 000320471 for more detail):
1. Click "Generate a Self-Signed Certificate"

(Option 2)
Create a customer signed CA cert (See KB 000331310 for more detail) :
1. Click Generate CSR (Certificate Signing Request)
2. Once the signing request is created have the customer get the CSR signed by their CA server.
3. Once the CSR is signed it needs to be imported onto the SP. Go back to "Manage SSL/TLS Certificate"
4. Click "Import Certificate"
5. Upload the certificate that was signed by the CA server.
 
Если еще короче -
1. Заходите на контроллер https://SPA_IP/setup , авторизуетесь
2. Внизу увидите кнопку Manage SSL/TLS Certificates.
3. Либо получаете сертификат через ваш CA либо просто генерируете самоподписный сертификат. Все.
 
Klop сказал(а):
Если еще короче -
1. Заходите на контроллер https://SPA_IP/setup , авторизуетесь
2. Внизу увидите кнопку Manage SSL/TLS Certificates.
3. Либо получаете сертификат через ваш CA либо просто генерируете самоподписный сертификат. Все.
Нажмите, чтобы раскрыть...

как раз с самоподписным это не работает
 
да я так и сделал, уже сам до этого дошел
 
Для ответа нужно войти/зарегистрироваться
Назад
Верх