25 Posts
0
1728
VNX 5300 Certificate has invalid Date???
Hello, trying to access a VNX5300, Looks like certificate expired? How can I get in?
What a Bear, just getting a Windows 8 server and the right version of Java and now this, what a Nightmare.
25 Posts
0
1728
Hello, trying to access a VNX5300, Looks like certificate expired? How can I get in?
What a Bear, just getting a Windows 8 server and the right version of Java and now this, what a Nightmare.
Top
jerryroy1
25 Posts
0
June 23rd, 2023 12:00
YOU are the MAN!
So I downloaded the windows version of naviseccli from the link you posted. After installed, I ran this from command prompt on the windows machine:
NaviSECCli.exe -address -User root -Password *** -Scope 0 security -SPcertificate -generate
Then on the cli of the NAS I ran this:
/nas/sbin/nas_ca_certificate –generate
Now I have all matching certs to expire in 2028
So, next question, the Settings for IP address and mask etc are all grey out still on Control Station and SPA and SPB. What to do?
DELL-Sam L
Moderator
Moderator
•
7.1K Posts
0
June 22nd, 2023 04:00
Hello jerryroy1,
Here is a link to a kb that maybe of assistance. https://dell.to/46j5ITT
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
June 22nd, 2023 09:00
Instructions
How do I generate a self-signed certificate from Unisphere?
To generate a self-signed certificate follow these steps:
http: // https://dell.to/3pi8dW1
Where https://dell.to/3JPASZN is the IP address of the storage processor (SP).
You may also import a certificate and the associated private RSA key through SecureCLI.
naviseccli -h <SP_IP> security -pkcs12upload -file FILE [-passphrase PASSPHRASE]
Additional Information
The following three options are presented to you when connecting for the first time to a server:
Unisphere and USM use the Java certificate store for storing certificates. The certificates store can be accessed using the Java Control Panel. Secure CLI and Unisphere Server Utility create a certificate store on the user directory of the client. Unisphere, USM, and Unisphere Server Utility will enforce certificate verification when connecting to the storage system. However, Secure CLI provides the option to bypass certificate verification. This option is provided during installation on a client. You are given the option to choose between two levels: Low (bypass certificate verification) and Medium (enforce certificate verification).
jerryroy1
25 Posts
0
June 22nd, 2023 09:00
That Link takes me to that page, but there is another link on how to generate a self-sign certificate and it says I do not have permission.
https://www.dell.com/support/kbdoc/en-us/000011219
(Option 1)
Generate a self-signed certificate(See KB 000320471 for more detail <---This is not accessible to me
1. Click "Generate a Self-Signed Certificate".
jerryroy1
25 Posts
0
June 22nd, 2023 12:00
jerryroy1
25 Posts
0
June 22nd, 2023 12:00
OK, I rolled the clock back to within the certificate window. Now I get pop-ups with different IP's and different cert date windows. I click reject and can get into the interface, but I still cannot get to the point where I can reset certs or create a Self Signed Cert.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
June 22nd, 2023 12:00
For the invalid date, https://dell.to/3PryThR and yes those IPs are your storage processors.
jerryroy1
25 Posts
0
June 22nd, 2023 12:00
http: // https://dell.to/3pi8dW1
Where https://dell.to/3JPASZN
I am confused, do I append the url with this 3pi8dW1 ??? And if so, the second url has a different string 3JPASZN
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
June 22nd, 2023 12:00
Use your IP addresses, it is just a random URL shortened link.
jerryroy1
25 Posts
0
June 22nd, 2023 12:00
Are 192.168.50.62 and 192.168.50.63 considered my "Storage Processors"?
jerryroy1
25 Posts
0
June 22nd, 2023 14:00
OK, I changed time so I can get into here 192.168.50.60, then I changed time so I can get to SPA's 192.168.50.62 and 63 and then I get this. HELP, This can't be that difficult?
jerryroy1
25 Posts
0
June 22nd, 2023 14:00
This says change to "spa properties" https://www.dell.com/support/kbdoc/en-us/000057175/vnx-error-certificate-has-invalid-date-user-correctable?lang=en&dgc=SM&cid=281909&lid=spr10438020372&refid=sm_LITHIUM_spr10438020372&linkId=221144075
Where can I find that in this interface?
jerryroy1
25 Posts
0
June 22nd, 2023 16:00
OK, I was able to generate a Self Signed Certificate for both the SPA (.62) and SPB (.63) by going to the ip in the browser and adding setup to the end (https://192.168.50.62/setup) How can I change the IP address settings, all the fields are greyed out?
DELL-Sam L
Moderator
Moderator
•
7.1K Posts
0
June 23rd, 2023 01:00
Hello jerryroy1,
Here is a link for changing youIP’s oon your SP’s.
https://dell.to/3XqRf4j
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
June 23rd, 2023 08:00
Are you logged in when you open the link?
Here is the article:
naviseccli commands will not cause SPs to reboot.
Using the CLARiiON/Block setup page in GUI causes a reboot
Any name change requires SP reboot.
Instructions to update the SPs IP addresses, netmask and gateway IPs is below:
Before you begin:
Check to be sure the array is not part of a storage domain
Check that all hosts have dual-Fibre connectivity and that failover software is working correctly
In Unisphere, Under Domains-> Local - for the array he logged into.
Next, clicked on local, only one array should show up - the array the IPs are being change on
Connect to the Array via the naviseccli
Verify the current settings and record them.
Command to check the current SP settings:
CMD:
naviseccli -h networkadmin -get
SAMPLE OUTPIT:
Storage Processor: SP A
Storage Processor Network Name: A-IMAGE
Storage Processor IP Address: 10.241. xx.xx
Storage Processor Subnet Mask: 255. 255.xx.xx
Storage Processor Gateway Address: 10. 241.xx.xx
Repeat for SPB
Verify the new information before hitting
Once the new ipaddresses are set, if any mistakes were made, it may be necessary to attach directly to the array to correct via the service or serial port
SAMPLE:
naviseccli -h networkadmin -set -address -subnetmask -gateway
At this point theCustomer's network would need to be changed for the new array IP addresses.
Ping the new SP IP and be sure you are able to connect to it before proceeding to SPB.
Once the SPA is updated, contacted, and accessible, Complete changes on SPB