Connectrix: Brocade: HTTPS port 443 not listening after self generating certificates

Summary: Not able to connect to Webtools after making new certificates


Symptoms

After generating new certificates following an upgrade, port 443 is reported as not open.
2023/06/05-07:13:59, [SEC-3070], 42865, FID 128, INFO, dbkfcs3199, Event: secCertMgmt, Status: success, Info: Generated self-signed https certificate, keysize-2048 type-rsa hash-sha256 validity-10years.
2023/06/05-07:14:01, [WEBD-1004], 42866, FID 128, INFO, dbkfcs3199, HTTP server and weblinker process will be restarted due to configuration change.
2023/06/05-07:14:20, [SEC-3075], 42867, FID 128, INFO, dbkfcs3199, Event: secCertMgmt, HTTPS SERVICE DISABLED, Info: HTTPS SWITCH certificate has been deleted..
AH00526: Syntax error on line 47 of /fabos/webtools/bin/web.conf.0:
SSLCertificateFile: file '/etc/fabos/certs/sw0/servercert.pem' does not exist or is empty
2023/06/05-07:23:59, [SEC-3075], 42868, FID 128, INFO, dbkfcs3199, Event: secCertMgmt, HTTPS SERVICE DISABLED, Info: HTTPS CA certificate has been deleted..
2023/06/05-07:23:59, [SEC-3075], 42869, FID 128, INFO, dbkfcs3199, Event: secCertMgmt, HTTPS SERVICE DISABLED, Info: HTTPS SWITCH certificate has been deleted..
2023/06/05-07:24:15, [SEC-3070], 42870, FID 128, INFO, dbkfcs3199, Event: secCertMgmt, Status: success, Info: Generated self-signed https certificate, keysize-2048 type-rsa hash-sha256 validity-10years.
2023/06/05-07:24:29, [SEC-3075], 42871, FID 128, INFO, dbkfcs3199, Event: secCertMgmt, HTTPS SERVICE DISABLED, Info: HTTPS SWITCH certificate has been deleted..

Cause

Generating a self-signed certificate deletes the existing switch certificates and then creates a new self-signed certificate to enable HTTPS. Because of this configuration change, weblinker and HTTPD restart, and they take some time to come back up.

A CSR command was run while weblinker was restarting. It removed the certificate that had already been generated, so SSL tries to read a file that does not exist.
Fri Jun  5 07:13:37 2023         a.xtermp, , 10.224.164.6, seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha256 -years 10

Fri Jun  5 07:13:43 2023         a.xtermp, , 10.224.164.6, netstat -na | grep 443

Fri Jun  5 07:13:59 2023         a.xtermp, , 10.224.164.6, seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha256 -years 10

Fri Jun  5 07:15:20 2023         a.xtermp, , 10.224.164.6, seccertmgmt generate -csr https -type rsa -keysize 2048 -hash sha256 -years 10

Fri Jun  5 07:15:45 2023         a.xtermp, , 10.224.164.6, seccertmgmt export -csr https -protocol ftp -ipaddr 10.224.164.11  -remotedir /incoming/CSR -certname 10.224.142.39.csr -login ftp

Resolution

Workaround:

1. Log in as root and run this command to recover weblinker and HTTPD.
/usr/apache/bin/httpd.0 -f /fabos/webtools/bin/httpd.conf.0
2. Run this command to check which certificates are used by SSL.
cat /fabos/webtools/bin/web.conf.0 | grep cert
3. Check that the certificates used by SSL have a valid format and size.
ls -l /etc/fabos/certs/sw0
If the certificate is invalid, that is, SSL is using a binary file or a null-size file, remove the certificate. Then run step 2 again and confirm that the entry has been removed from the conf file.
If the certificates are valid, verify that weblinker works with HTTPS. Step 4 is not required if it does.
4. Once step 3 is complete, generate a self-signed certificate or import a certificate to enable HTTPS.
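
Steps 2 and 3 can be combined into one check, shown here as an added example (not Dell or Brocade code): it reads the SSL file directives from a conf file and reports each referenced file as OK, MISSING, EMPTY or NOTPEM. It assumes a POSIX shell with awk, head, grep and mktemp; the function names and the sample conf are constructed, and only the SSLCertificateFile directive is confirmed by the error message in the Symptoms section.

```shell
#!/bin/sh
# Added example (not Dell/Brocade code): list every SSL*File directive in an
# Apache-style conf and flag files that are missing, empty, or not PEM text.
# check_conf_certs CONF: prints "STATUS directive path"; returns 1 on a problem.
check_conf_certs() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "UNREADABLE - $conf"; return 2; }
    # Directive name and first argument, quotes stripped; comments never match.
    refs=$(awk '$1 ~ /^SSL[A-Za-z]*File$/ { gsub(/"/, "", $2); print $1, $2 }' "$conf")
    while read -r name path; do
        [ -n "$name" ] || continue
        if [ ! -e "$path" ]; then
            status=MISSING      # httpd: "does not exist or is empty"
        elif [ ! -s "$path" ]; then
            status=EMPTY        # zero-length ("null size") file
        elif ! head -n 1 "$path" | grep -q -e '^-----BEGIN '; then
            status=NOTPEM       # binary or otherwise not PEM text
        else
            status=OK
        fi
        [ "$status" = OK ] || rc=1
        echo "$status $name $path"
    done <<EOF
$refs
EOF
    return $rc
}

# make_sample: CONSTRUCTED data; only SSLCertificateFile is confirmed by the article.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/servercert.pem"
    : > "$d/cacert.pem"                          # zero-length file
    printf '\060\202\001\012' > "$d/chain.pem"   # DER-like binary bytes
    cat > "$d/web.conf.0" <<EOF
SSLCertificateFile "$d/servercert.pem"
SSLCertificateKeyFile $d/missing.key
SSLCACertificateFile $d/cacert.pem
SSLCertificateChainFile $d/chain.pem
EOF
    echo "$d"
}

# Demo; on a switch the argument would be /fabos/webtools/bin/web.conf.0.
sample=$(make_sample)
check_conf_certs "$sample/web.conf.0" || echo "problem files found"
rm -rf "$sample"
```

A MISSING or EMPTY result for SSLCertificateFile is the condition behind the AH00526 error in the Symptoms log, so it should be cleared before a new certificate is generated.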

Resolution:
  • Use the workaround to verify and clear certificates.
  • Once the workaround is done, a new certificate can be generated to get HTTPS up and port 443 open.

Affected Products

Connectrix B-Series

Article Properties

Article Number: 000224272
Article Type: Solution
Last Modified: 19 Apr 2024
Version: 1