No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU
Support Documentation

FusionAccess V100R006C20 Alarm Handling 05 (FusionSphere 6.3.1)

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
1003007 WI Certificate Has Expired or Is About to Expire

1003007 WI Certificate Has Expired or Is About to Expire

Description

After the WI service is enabled, the system checks certificate validity every one hour. The alarm is generated when the time left before the certificate expires is shorter than the threshold (30 days by default) or the certificate has expired. You can update the certificate to clear the alarm.

Attribute

Alarm ID

Alarm Severity

Auto Clear

1003007

Critical

Yes

Parameters

Name

Meaning

Alarm ID

Identifies an alarm. Each alarm is uniquely identified by an alarm ID and an alarm name.

Alarm Severity

Indicates the severity of an alarm. Value:

  • Critical: indicates that a fault affecting services provided by the system occurs. You need to rectify the fault immediately. If a device or resource is faulty, rectify it immediately even if the fault occurs during non-working hours.
  • Major: indicates that a fault affecting the service quality of the system occurs. You need to rectify the fault immediately. If the service quality of a device or resource is degraded, rectify it immediately during working hours.
  • Minor: indicates a fault that does not affect service quality. To prevent more serious faults, this type of alarm needs to be observed or handled if necessary.
  • Warning: indicates a fault that may affect service quality. This type of alarm must be handled based on the error type.

Alarm Name

Identifies an alarm. Each alarm is uniquely identified by an alarm ID and an alarm name.

Object Type

Specifies the type of the object for which the alarm is generated.

Alarm Object Name

Specifies the name of the object for which the alarm is generated.

Component Type

(This parameter exists only in FusionManager.)

Specifies the type of the component for which the alarm is generated.

Generation Time

Specifies the time when the alarm is generated.

Clear Time

Specifies the time when the alarm is cleared.

Clear Mode

Specifies whether the alarm is manually or automatically cleared.

Operation

Specifies the operation that can be performed on the alarm.

Value: Manually Clear Alarm

Impact on the System

After the certificate expires, you cannot log in to the WI portal or an alarm is reported.

Possible Causes

Certificate has expired or is about to expire.

Procedure

  1. Update the certificates that have expired or are about to expire according to the certificate library files and the alias list in alarm details. For details, see the relevant descriptions in the FusionAccess Desktop Solution V100R006C20 Product Documentation according to Table 37-1.

    Table 37-1 Certificate update reference

    Certificate File

    Certificate Update Reference

    Whether Certificate Validity Is Checked by Default

    localhost.keystore

    Operation and Maintenance > System Management > Certificate Management > Updating the WI HTTPS Certificate

    Yes

    wi.keystore

    Operation and Maintenance > System Management > Certificate Management > Updating the WI HTTPS Certificate

    Yes

    servercert.p12

    Installation and Commission > Feature Guide > F301_Enhanced User Access Security (WI Bidirectional Authentication) > Updating the WI Directional Certificates

    Yes

    truststore.jks

    Installation and Commission > Feature Guide > F301_Enhanced User Access Security (WI Bidirectional Authentication) > Updating the WI Directional Certificates

    Yes

  2. Choose FusionManager > Monitoring or FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 3.
    • If no, no further operation is required.

  3. Log in to the WI server and delete the certificates that have expired and are about to expire from the certificate library.

    1. Log in to the WI server as user gandalf.
    2. Run the cd /opt/WI/tomcat/certs command to go to the corresponding directory.
    3. Run the command /opt/WI/jre/bin/keytool -delete -alias certificate alias -keystore keystore file name.

      Obtain the certificate file name and certificate alias from the alarm details. For example, in the following alarm details, the certificate file name is localhost.keystore, the certificate alias is wi, and the command for deleting the certificate is /opt/WI/jre/bin/keytool -delete -alias wi -keystore localhost.keystore.

      About to Expire Certificates = {[localhost.keystore:wi] }
    4. Enter the password of the Keystore file as prompted to delete the certificates that have expired and are about to expire from the certificate library.
    5. Repeat 3.c to 3.d to delete other certificates that have expired and are about to expire.
    6. Run the sudo service WIService restart command to restart WI service.

  4. Repeat Step 3 to delete the other WI certificates that have expired and are about to expire.
  5. Choose FusionManager > Monitoring or FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, contact Huawei technical support.
    • If no, no further operation is required.

Related Information

None

Download
Updated: 2019-03-01

Document ID: EDOC1100010511

Views: 20660

Downloads: 12

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next
Enterprise APP

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.