Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000198975

Dell Technologies VxRail:節點新增 NIC 組態 SSL:CERTIFICATE_VERIFY_FAILED

Summary: Dell Technologies VxRail:節點新增 NIC 組態 SSL:CERTIFICATE_VERIFY_FAILED 在版本 7.0.350 上觀察到。

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

執行「節點新增」時,我們無法通過 NIC 組態頁面。
VxRail 7.0.350 版。
 

錯誤記錄:

22-04-28T05:33:31.194+0000 ERROR [pool-69-thread-1] com.vce.commons.domainowner.graphq.DefaultQueryExecutorImpl DefaultQueryExecutorImpl.filterOutErrorData:173 - Errors in do-host responsFQDN:9090 ssl: [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:
852)]","locations":[{"line":1,"column":1542,"sourceName":null}],"description":null,"validationErrorType":null,"queryPath":null,"errorType":null,"path":["configuredHosts","0","hardware","pos
ition","rackName"],"extensions":null}


Curl 檢查:

vxrm # curl --capath /var/lib/vmware-marvin/trust/lin --user root -X GET -H "Content-Type: application/json" -d '{}' https://ServerName.site.lab:9090/rest/ps/private/v1/misc/certservice/certs
Enter host password for user 'root':
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Cause

ESXI 和 VXRM 之間的 SSL 交握失敗。

 

 

Resolution

執行以下命令以確認憑證問題。
使用以下 VMware 說明文件檢查並更新 ESXi 憑證:

1.執行以下命令以測試 ESXi 主機連線,並擷取整個輸出: 
vxm: # openssl s_client -crl_check_all -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443

2.執行以下命令以測試 ESXi 主機連線,並擷取整個輸出: 
vxm: # openssl s_client -crl_check -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443

3.執行以下命令以測試 ESXi 主機連線,並擷取整個輸出: 
vxm: # openssl s_client -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443
Example output:
Verify return code: 0 (ok)
Or,
Verify return code: 12 (CRL has expired)


檢閱 VMware 說明文件以更新和重新整理 ESXi 憑證:

- 更新和重新整理 ESXi 憑證HTTPs://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html。第三方廠商連結圖示
- 在VxRail下方的 kb 中執行最新版本的 cert_util.py:如何在 VxRail Manager 上手動匯入 vCenter SSL 憑證

 

Article Properties

Affected Product

VxRail, VxRail Appliance Family, VxRail Appliance Series

Last Published Date

19 May 2023

Version

4

Article Type

Solution

Back to Top