此帖子已超过 5 年
15 消息
0
7402
NSG2初始化完成后通过Unisphere登录时出现Certificate has invalid date
刚install一台NSG2,后端由CX480提供的OS lun,但通过Unisphere登录时出现报错“Certificate has invalid date“
NSG2 version=6.0.70-4
两个DM
我尝试过以下操作,但还是不行,大神们遇到过这种情况吗?还请多多指点,谢谢。
-
- 通过命令重新生成认证。
[root@ns_g2_379 ~]# /nas/sbin/nas_ca_certificate -generate - 查看httpd进程运行。
[root@ns_g2_379 ~]# ps fax |egrep httpd
22533 pts/0 S+ 0:00 \_ egrep httpd
9554 ? S 0:00 | \_ sh -c /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf > /nas/http/logs/apache_restart.out
9560 ? Ss 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
9603 ? S 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
9604 ? S 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
9605 ? S 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
9606 ? S 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
9607 ? S 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
9608 ? S 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
9609 ? S 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
9610 ? S 0:00 | \_ /nas/sbin/httpd -D HAVE_PERL -D HAVE_SSL -D NO_DETACH -f /nas/http/conf/httpd.conf
3. 生成一个默认的key。
[nasadmin@ns_g2_379 ~]$ server_certificate server_2 -persona -generate default -key_size 4096 -cs_sign_du 'name;2.3.4.5'
4. 以下是CS date和生成的certificate。
[root@ns_g2_379 nasadmin]# date
Sun Jul 24 19:41:08 GMT+8 2016
[root@ns_g2_379 nasadmin]# /nas/sbin/nas_ca_certificate -display
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14 (0xe)
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Celerra Certificate Authority, CN=ns_g2_379
Validity
Not Before: Jul 24 18:41:51 2016 GMT
Not After : Jul 23 18:41:51 2021 GMT
Subject: O=Celerra Certificate Authority, CN=ns_g2_379
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b6:0b:93:0b:cf:b0:ba:30:ad:5a:fe:16:db:ce:
82:25:59:91:4a:d7:c2:23:39:b3:e4:83:68:2e:c2:
bc:80:91:da:67:63:a8:46:01:a1:d8:d5:29:ed:d2:
48:52:dd:ce:22:0b:08:1b:ac:0f:fa:32:a1:f6:f0:
b8:49:fb:e1:86:33:88:0d:45:7f:90:6c:a4:30:c2:
ae:c9:dd:ab:1d:9b:79:85:80:bb:6b:19:e1:b0:47:
96:9a:cd:1f:31:48:de:ba:dc:e4:54:8c:fe:b5:6e:
71:12:02:a5:b9:bf:e3:93:3d:d6:dc:e1:c7:b9:f8:
64:0d:73:a8:44:d1:86:7d:88:c1:7e:9b:bb:98:5b:
64:f7:f2:3a:5f:77:c4:03:19:10:3b:97:a9:80:e3:
a4:ee:88:81:71:65:9b:70:55:34:7c:5c:14:38:7c:
76:29:0e:b2:9a:25:5b:ad:61:4f:67:76:a9:84:51:
ef:cc:50:79:14:f7:fa:d9:ee:67:6e:06:89:ad:88:
63:66:7f:1c:b8:6a:ee:a6:27:b0:25:52:0e:87:a2:
c1:a4:9a:de:a8:29:dd:52:70:3f:13:e0:b9:13:03:
71:d2:26:7a:2a:ad:55:be:54:a2:c5:40:c2:7e:c7:
e6:42:a6:e5:f4:c5:65:e7:de:79:9d:b3:18:51:d5:
25:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:94:2B:A6:40:1E:65:CF:BC:7C:5D:58:9E:C5:B0:16:3E:83:05:70
X509v3 Authority Key Identifier:
keyid:AD:94:2B:A6:40:1E:65:CF:BC:7C:5D:58:9E:C5:B0:16:3E:83:05:70
DirName:/O=Celerra Certificate Authority/CN=ns_g2_379
serial:0E
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
DNS:ns_g2_379, DNS:ns_g2_379.localdomain, DNS:192.168.76.99
Signature Algorithm: sha1WithRSAEncryption
4c:7d:6e:02:c3:9d:9d:18:eb:e8:4b:35:4c:88:0f:81:07:ff:
fe:74:52:4a:c2:ea:92:20:0b:e8:b8:4c:ca:9f:76:1b:f0:c0:
3d:03:e6:1f:2a:02:dc:c1:9b:96:f4:14:08:3f:e0:a0:1f:1d:
07:e4:c0:00:4b:b8:a4:2a:fd:59:a5:44:dd:cc:5d:41:5e:44:
a1:be:5a:40:82:79:d3:bf:b2:25:4d:83:94:09:b7:f9:8a:c6:
41:1e:f2:81:31:ab:7a:9e:58:a0:38:16:7a:5e:56:7c:9f:f4:
11:43:c3:9d:91:1f:12:3f:a5:ca:f4:e1:e8:e4:b7:96:5c:75:
58:f2:55:04:f8:19:71:d9:90:8c:7d:62:10:75:ba:8b:19:85:
f8:c9:ce:bd:57:b2:4e:79:2c:62:20:e4:79:a1:91:6f:8c:88:
2c:5c:70:cf:24:02:73:89:fe:43:ab:72:5f:ee:95:a4:48:44:
35:fe:d6:5a:7c:b6:32:e4:39:14:06:6e:56:84:cf:5c:3f:84:
ad:4c:65:e9:0c:fe:c1:48:e0:00:94:78:c5:b2:00:9d:2e:ae:
89:3d:3f:e5:f4:9a:e7:18:3d:0f:c8:b2:11:a8:8c:81:80:74:
f2:77:3f:c0:3a:90:d8:f5:e4:aa:bc:a9:f5:48:61:87:ea:55:
69:d4:ae:2d
-----BEGIN CERTIFICATE-----
MIIDxjCCAq6gAwIBAgIBDjANBgkqhkiG9w0BAQUFADA8MSYwJAYDVQQKEx1DZWxl
cnJhIENlcnRpZmljYXRlIEF1dGhvcml0eTESMBAGA1UEAxQJbnNfZzJfMzc5MB4X
DTE2MDcyNDE4NDE1MVoXDTIxMDcyMzE4NDE1MVowPDEmMCQGA1UEChMdQ2VsZXJy
YSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEjAQBgNVBAMUCW5zX2cyXzM3OTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYLkwvPsLowrVr+FtvOgiVZkUrX
wiM5s+SDaC7CvICR2mdjqEYBodjVKe3SSFLdziILCBusD/oyofbwuEn74YYziA1F
f5BspDDCrsndqx2beYWAu2sZ4bBHlprNHzFI3rrc5FSM/rVucRICpbm/45M91tzh
x7n4ZA1zqETRhn2IwX6bu5hbZPfyOl93xAMZEDuXqYDjpO6IgXFlm3BVNHxcFDh8
dikOspolW61hT2d2qYRR78xQeRT3+tnuZ24Gia2IY2Z/HLhq7qYnsCVSDoeiwaSa
3qgp3VJwPxPguRMDcdImeiqtVb5UosVAwn7H5kKm5fTFZefeeZ2zGFHVJS8CAwEA
AaOB0jCBzzAdBgNVHQ4EFgQUrZQrpkAeZc+8fF1YnsWwFj6DBXAwZAYDVR0jBF0w
W4AUrZQrpkAeZc+8fF1YnsWwFj6DBXChQKQ+MDwxJjAkBgNVBAoTHUNlbGVycmEg
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRIwEAYDVQQDFAluc19nMl8zNzmCAQ4wDAYD
VR0TBAUwAwEB/zA6BgNVHREEMzAxggluc19nMl8zNzmCFW5zX2cyXzM3OS5sb2Nh
bGRvbWFpboINMTkyLjE2OC43Ni45OTANBgkqhkiG9w0BAQUFAAOCAQEATH1uAsOd
nRjr6Es1TIgPgQf//nRSSsLqkiAL6LhMyp92G/DAPQPmHyoC3MGblvQUCD/goB8d
B+TAAEu4pCr9WaVE3cxdQV5Eob5aQIJ507+yJU2DlAm3+YrGQR7ygTGrep5YoDgW
el5WfJ/0EUPDnZEfEj+lyvTh6OS3llx1WPJVBPgZcdmQjH1iEHW6ixmF+MnOvVey
TnksYiDkeaGRb4yILFxwzyQCc4n+Q6tyX+6VpEhENf7WWny2MuQ5FAZuVoTPXD+E
rUxl6Qz+wUjgAJR4xbIAnS6uiT0/5fSa5xg9D8iyEaiMgYB08nc/wDqQ2PXkqryp
9Uhhh+pVadSuLQ==
-----END CERTIFICATE-----
yuewangjie1
15 消息
0
2016年7月28日 05:00
搞定了,还是时间问题,后来系统自己跑了1天后出现login的界面了。
谢谢Roger W
Roger_Wu
2 Intern
2 Intern
•
4K 消息
0
2016年7月24日 23:00
照道理证书过期按照KB做一遍(就是你写的步骤)就行,有清了缓存再试试吗?或者换个浏览器?
Roger_Wu
2 Intern
2 Intern
•
4K 消息
0
2016年7月24日 23:00
您好,帮你把帖子移动到了 存储系统 版块内,方便更多懂这块技术的朋友们看到并参与分享。谢谢!
yuewangjie1
15 消息
0
2016年7月25日 03:00
更换浏览器和缓存都做过,而且为此还重新安装了一个系统去连接也不行,无从下手。
Roger_Wu
2 Intern
2 Intern
•
4K 消息
1
2016年7月25日 19:00
更改一下PC机的系统时间看看呢?有时候由于NTP服务器没有配置过等原因,VNX/Celerra上的时间可能和PC机时间不符(Valid From的时间快于PC机时间 ),或者你再仔细看下KB的几个方法:
VNX login with Unisphere fails with 'Certificate has invalid date' message.https://support.emc.com/kb/427262
Workarounds:
OR
If you do not have access to the Unisphere Certificate Warning message, you can verify the "Valid From" date by accessing the Control Station console, examining the following file, and setting the PC clock ahead of the "Not Before" date indicated:
# cat /nas/site/CA/ca_certificate.pem
Certificate:
-----edited----
Issuer: O=Celerra Certificate Authority, CN=emcnas_i0
Validity
Not Before: Mar 16 12:49:14 2011 GMT
Not After : Mar 21 12:49:14 2016 GMT
# /nas/sbin/nas_ca_certificate -generate
Note: The start date of the new certificate should be equal to seven (7) days before the current system date, and reflected in GMT time. Once you have successfully logged into the VNX system, presumably having also "accepted" the certificates in the popups, there is no further action required.
Roger_Wu
2 Intern
2 Intern
•
4K 消息
0
2016年7月31日 04:00
问题解决了就好~