forked from docs/doc-exports
Yang, Tong
3b1f73dece
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
97 lines
16 KiB
HTML
97 lines
16 KiB
HTML
<a name="alm_12054"></a><a name="alm_12054"></a>
|
|
|
|
<h1 class="topictitle1">ALM-12054 The Certificate File Is Invalid</h1>
|
|
<div id="body8662426"><div class="section" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_section14878122"><h4 class="sectiontitle">Description</h4><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p50145535">The system checks whether the certificate file is invalid (has expired or is not yet valid) on 23:00 every day. This alarm is generated when the certificate file is invalid.</p>
|
|
<p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p48656638">This alarm is cleared when the status of the newly imported certificate is valid.</p>
|
|
</div>
|
|
<div class="section" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_section66794237"><h4 class="sectiontitle">Attribute</h4>
|
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_table48873592" frame="border" border="1" rules="all"><thead align="left"><tr id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_row18928010"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.2.1.4.1.1"><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p56773879">Alarm ID</p>
|
|
</th>
|
|
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.2.1.4.1.2"><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p35281476">Alarm Severity</p>
|
|
</th>
|
|
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.2.1.4.1.3"><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p39227289">Auto Clear</p>
|
|
</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody><tr id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_row23293855"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.2.1.4.1.1 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p7754109">12054</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.2.1.4.1.2 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p24103132">Major</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.2.1.4.1.3 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p6196708">Yes</p>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="section" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_section64277225"><h4 class="sectiontitle">Parameters</h4>
|
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_table32171324" frame="border" border="1" rules="all"><thead align="left"><tr id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_row33909737"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.1.3.1.1"><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p62334190">Parameter</p>
|
|
</th>
|
|
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.1.3.1.2"><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p15904615">Description</p>
|
|
</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody><tr id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_row13205437"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.1 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p63007447">ServiceName</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.2 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p3329565">Specifies the service for which the alarm is generated.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_row29966093"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.1 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p11334465">RoleName</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.2 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p45676502">Specifies the role for which the alarm is generated.</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_row8435340"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.1 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p12173973">HostName</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.2 "><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p46567762">Specifies the host for which the alarm is generated.</p>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="section" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_section41624120"><h4 class="sectiontitle">Impact on the System</h4><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p13892396">The system reminds users that the certificate file is invalid. If the certificate file is invalid, some functions are restricted and cannot be used properly.</p>
|
|
</div>
|
|
<div class="section" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_section39072761"><h4 class="sectiontitle">Possible Causes</h4><p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p51542282">No certificate (HA root certificate or HA user certificate) is imported to the system, the certificate fails to be imported, or the certificate file is invalid.</p>
|
|
</div>
|
|
<div class="section" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_section16110535"><h4 class="sectiontitle">Procedure</h4><p class="tableheading" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p14175317"><strong id="alm_12054__b336020509411">Check the alarm cause.</strong></p>
|
|
<ol id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ol15202643152315"><li id="alm_12054__en-us_topic_0191813937_li1487713813414"><span>Go to the MRS cluster details page and choose <strong id="alm_12054__b1154765120413">Alarms</strong>.</span></li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3518787615237"><span>In the real-time alarm list, click the row that contains the alarm.</span><p><p class="litext" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p4827967915237">In the <strong id="alm_12054__b188612539414">Alarm Details</strong> area, view the additional information about the alarm.</p>
|
|
<ul class="subitemlist" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ul6505776815237"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3084159815237">If <strong id="alm_12054__b11818115417415">CA Certificate</strong> is displayed in the additional alarm information, use PuTTY to log in to the active OMS management node as user <strong id="alm_12054__b78185542418">omm</strong> and go to <a href="#alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li2768003415237">3</a>.</li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li205560515237">If <strong id="alm_12054__b9879155513414">HA root Certificate</strong> is displayed in the additional information, check <strong id="alm_12054__b288065517411">Location</strong> to obtain the name of the host involved in this alarm. Then use PuTTY to log in to the host as user <strong id="alm_12054__b688055524111">omm</strong> and go to <a href="#alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li6628516015237">4</a>.</li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li2214172115237">If <strong id="alm_12054__b8328685428">HA server Certificate</strong> is displayed in the additional information, check <strong id="alm_12054__b1532998114213">Location</strong> to obtain the name of the host involved in this alarm. Then use PuTTY to log in to the host as user <strong id="alm_12054__b1532978114218">omm</strong> and go to <a href="#alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3401162015237">5</a>.</li></ul>
|
|
</p></li></ol>
|
|
<p class="tableheading" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p4864900615237"><strong id="alm_12054__b2225114154220">Check the validity period of the certificate files in the system.</strong></p>
|
|
<ol start="3" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ol32858266152358"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li2768003415237"><a name="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li2768003415237"></a><a name="en-us_topic_0191813937_en-us_topic_0087039414_li2768003415237"></a><span>Check whether the current system time is in the validity period of the CA certificate. </span><p><p class="litext" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p3164574115237">Run the <strong id="alm_12054__b1757481615424">openssl x509 -noout -text -in ${CONTROLLER_HOME}/security/cert/root/ca.crt</strong> command to check the effective time and due time of the root certificate.</p>
|
|
<ul class="subitemlist" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ul307555915237"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li1316823415237">If yes, go to <a href="#alm_12054__en-us_topic_0191813937_li572522141314">8</a>.</li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li5999405215237">If no, go to <a href="#alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li99782015237">6</a>.</li></ul>
|
|
</p></li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li6628516015237"><a name="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li6628516015237"></a><a name="en-us_topic_0191813937_en-us_topic_0087039414_li6628516015237"></a><span>Check whether the current system time is in the validity period of the HA root certificate. </span><p><p class="litext" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p2749028515237">Run the <strong id="alm_12054__b184701930104211">openssl x509 -noout -text -in ${CONTROLLER_HOME}/security/certHA/root-ca.crt</strong> command to check the effective time and due time of the HA root certificate.</p>
|
|
<ul class="subitemlist" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ul4464772015237"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li1212058815237">If yes, go to <a href="#alm_12054__en-us_topic_0191813937_li572522141314">8</a>.</li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li4224356015237">If no, go to <a href="#alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3092985115237">7</a>.</li></ul>
|
|
</p></li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3401162015237"><a name="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3401162015237"></a><a name="en-us_topic_0191813937_en-us_topic_0087039414_li3401162015237"></a><span>Check whether the current system time is in the validity period of the HA user certificate. </span><p><p class="litext" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p38885215237">Run the <strong id="alm_12054__b10297184414211">openssl x509 -noout -text -in ${CONTROLLER_HOME}/security/certHA/server.crt</strong> command to check the effective time and due time of the HA user certificate.</p>
|
|
<ul class="subitemlist" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ul1284746315237"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3149707715237">If yes, go to <a href="#alm_12054__en-us_topic_0191813937_li572522141314">8</a>.</li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li888403615237">If no, go to <a href="#alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3092985115237">7</a>.<p id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p112648315237">The following is an example of the effective time and expiration time of a CA or HA certificate:</p>
|
|
<pre class="screen" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_screen1590019615237">Certificate:
|
|
Data:
|
|
Version: 3 (0x2)
|
|
Serial Number:
|
|
97:d5:0e:84:af:ec:34:d8
|
|
Signature Algorithm: sha256WithRSAEncryption
|
|
Issuer: C=CountryName, ST=State, L=Locality, O=Organization, OU=IT, CN=HADOOP.COM
|
|
Validity
|
|
Not Before: Dec 13 06:38:26 2016 GMT // Effective time
|
|
Not After : Dec 11 06:38:26 2026 GMT // Expiration time</pre>
|
|
</li></ul>
|
|
</p></li></ol>
|
|
<p class="tableheading" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p4851831115237"><strong id="alm_12054__b782465784212">Import certificate files.</strong></p>
|
|
<ol start="6" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ol43449146152412"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li99782015237"><a name="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li99782015237"></a><a name="en-us_topic_0191813937_en-us_topic_0087039414_li99782015237"></a><span>Import a new CA certificate file. </span><p><p class="litext" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p3766912715237">Contact O&M personnel to apply for or generate a new CA certificate file and import it. Manually clear the alarm and check whether this alarm is generated again during periodic check.</p>
|
|
<ul class="subitemlist" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ul5230665215237"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3130042715237">If yes, go to <a href="#alm_12054__en-us_topic_0191813937_li572522141314">8</a>.</li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li1326839015237">If no, no further action is required.</li></ul>
|
|
</p></li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3092985115237"><a name="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3092985115237"></a><a name="en-us_topic_0191813937_en-us_topic_0087039414_li3092985115237"></a><span>Import a new HA certificate file. </span><p><p class="litext" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_p898038515237">Apply for or generate a new HA certificate file and import it by referring to <a href="mrs_01_0571.html">Replacing the HA Certificate</a>. Manually clear the alarm and check whether this alarm is generated again during periodic check.</p>
|
|
<ul class="subitemlist" id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_ul6583370515237"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li5632256215237">If yes, go to <a href="#alm_12054__en-us_topic_0191813937_li572522141314">8</a>.</li><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0087039414_li3714101715237">If no, no further action is required.</li></ul>
|
|
</p></li><li id="alm_12054__en-us_topic_0191813937_li572522141314"><a name="alm_12054__en-us_topic_0191813937_li572522141314"></a><a name="en-us_topic_0191813937_li572522141314"></a><span>Collect fault information.</span><p><ol type="a" id="alm_12054__en-us_topic_0191813937_en-us_topic_0191813935_ol6089206913036"><li id="alm_12054__en-us_topic_0191813937_en-us_topic_0191813935_li4478836213036">On MRS Manager, choose <span class="menucascade" id="alm_12054__menucascade7546111819438"><b><span class="uicontrol" id="alm_12054__uicontrol10541111811436">System</span></b> > <b><span class="uicontrol" id="alm_12054__uicontrol14546171816430">Export Log</span></b></span>.</li><li id="alm_12054__li18574327401">Contact technical support engineers for help. For details, see <a href="https://docs.otc.t-systems.com/en-us/public/learnmore.html" target="_blank" rel="noopener noreferrer">technical support</a>.</li></ol>
|
|
</p></li></ol>
|
|
</div>
|
|
<div class="section" id="alm_12054__en-us_topic_0191813941_section21917020151926"><h4 class="sectiontitle">Reference</h4><p id="alm_12054__en-us_topic_0191813941_p62805935151930">None</p>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0241.html">Alarm Reference (Applicable to Versions Earlier Than MRS 3.x)</a></div>
|
|
</div>
|
|
</div>
|
|
|