Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Dell Technologies VxRail: Knooppunt NIC-configuratie SSL toevoegen: CERTIFICATE_VERIFY_FAILED

Summary: Dell Technologies VxRail: Knooppunt NIC-configuratie SSL toevoegen: CERTIFICATE_VERIFY_FAILED Waargenomen op versie 7.0.350.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Tijdens het uitvoeren van een node-add kunnen we niet verder gaan dan de NIC-configuratiepagina.
VxRail versie 7.0.350.
 

Foutlogboek:

22-04-28T05:33:31.194+0000 ERROR [pool-69-thread-1] com.vce.commons.domainowner.graphq.DefaultQueryExecutorImpl DefaultQueryExecutorImpl.filterOutErrorData:173 - Errors in do-host responsFQDN:9090 ssl: [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:
852)]","locations":[{"line":1,"column":1542,"sourceName":null}],"description":null,"validationErrorType":null,"queryPath":null,"errorType":null,"path":["configuredHosts","0","hardware","pos
ition","rackName"],"extensions":null}


Curl-controle:

vxrm # curl --capath /var/lib/vmware-marvin/trust/lin --user root -X GET -H "Content-Type: application/json" -d '{}' https://ServerName.site.lab:9090/rest/ps/private/v1/misc/certservice/certs
Enter host password for user 'root':
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Cause

SSL Handshake tussen ESXI en VXRM mislukt.

 

 

Resolution

Voer de onderstaande opdrachten uit om het certificaatprobleem te verifiëren.
Controleer en werk de ESXi-certificaten bij met behulp van de VMware-documentatie hieronder:

1. Voer de onderstaande opdracht uit om de ESXi-hostverbinding te testen en de volledige uitvoer vast te leggen: 
vxm: # openssl s_client -crl_check_all -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443

2. Voer de onderstaande opdracht uit om de ESXi-hostverbinding te testen en de volledige uitvoer vast te leggen: 
vxm: # openssl s_client -crl_check -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443

3. Voer de onderstaande opdracht uit om de ESXi-hostverbinding te testen en de volledige uitvoer vast te leggen: 
vxm: # openssl s_client -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443
Example output:
Verify return code: 0 (ok)
Or,
Verify return code: 12 (CRL has expired)


Controleer de VMware-documentatie om de ESXi-certificaten te vernieuwen en te vernieuwen:

- ESXi-certificaten vernieuwen en vernieuwen https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html. Koppelingspictogram van derden
- Voer de nieuwste versie van cert_util.py uit in kb onder VxRail: Het vCenter SSL-certificaat handmatig importeren in VxRail Manager

 

Affected Products

VxRail, VxRail Appliance Family, VxRail Appliance Series
Article Properties
Article Number: 000198975
Article Type: Solution
Last Modified: 19 May 2023
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.