eSight V300R010C00SPC200, 300, and 500 Operation Guide 09


What Can I Do If Terminals Cannot Connect to eSight After I Upload Their Certificates and Restart eSight

Symptom

Terminals cannot connect to eSight after I upload their certificates and restart eSight.

Possible Causes

  • The ACS address is incorrectly configured on the terminals.
  • Port 8444 fails to start.

Procedure

  1. Check whether the ACS address is correctly configured on the terminals.

    Access the web page of a terminal, choose Advanced > TR069, and check ACS Address. The address format must be https://IP:8444/tr069/services/acs, where IP indicates the IP address or domain name (such as uc.huawei.com) of eSight.

  2. Access https://IP:8444/tr069/services/acs from a browser. If the "The website is not available" message is displayed, port 8444 may have failed to start.

    1. Open /AppBase/var/iemp/log/iemp/roa/roa.log in the eSight installation directory and search for the keyword ucKeyStore. If a log entry similar to the following is found, port 8444 has failed to start.

      2016-07-21 09:06:29,118 INFO [Start Level Event Dispatcher][ROA][com.huawei.oms.framework.roa.server.impl.JettyEmbeddedServer 1359] get store, path: /opt/eSight/AppBase/etc/certificate/ucKeyStore, name: null

      2016-07-21 09:06:29,119 ERROR [Start Level Event Dispatcher][ROA][com.huawei.oms.framework.roa.server.impl.JettyEmbeddedServer 1386] cert check failed: com.huawei.oms.cert.exception.CertException: Certificate sigAlg is not support: SHA1withRSA

      Due to security concerns, security verification during certificate upload to eSight is enhanced. Certificates using the SHA1withRSA algorithm cannot pass the verification, causing the port startup failure.

    2. To solve the problem, perform the following steps:

      Access \AppBase\etc\cert.conf\cert.policy in the eSight installation directory and add the following three files.

      • default-local-cert-policy_ext_ucc.properties
      • default-peer-cert-policy_ext_ucc.properties
      • default-trust-cert-policy_ext_ucc.properties

        Add the following information to the three files.

        includeSigAlg=SHA256withRSA;SHA1withRSA

        minPubKeyLen=1024
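
The log check in step 2 and the policy lines above can be tied together in a script. This is an added example, not part of the eSight documentation or tooling: it finds which signature algorithm roa.log reports as rejected for ucKeyStore and tests whether a given policy text would accept it. The function names, the assumption that the failure entry follows the "get store" entry, and the key=value parsing with a semicolon-separated includeSigAlg list are assumptions based on the excerpts on this page.

```python
import re

# Constructed sample input, modelled on the roa.log excerpt quoted in step 2.
SAMPLE_LOG = """\
2016-07-21 09:06:29,118 INFO [Start Level Event Dispatcher][ROA][com.huawei.oms.framework.roa.server.impl.JettyEmbeddedServer 1359] get store, path: /opt/eSight/AppBase/etc/certificate/ucKeyStore, name: null
2016-07-21 09:06:29,119 ERROR [Start Level Event Dispatcher][ROA][com.huawei.oms.framework.roa.server.impl.JettyEmbeddedServer 1386] cert check failed: com.huawei.oms.cert.exception.CertException: Certificate sigAlg is not support: SHA1withRSA
"""

# Policy lines as given in the procedure.
SAMPLE_POLICY = """\
includeSigAlg=SHA256withRSA;SHA1withRSA
minPubKeyLen=1024
"""

STORE_RE = re.compile(r"get store, path: (\S+?),")
FAIL_RE = re.compile(r"cert check failed: .*sigAlg is not support: (\S+)")

def find_rejected_sigalgs(log_text, store_name="ucKeyStore"):
    """Return (timestamp, store_path, sig_alg) for each cert check failure
    logged after a load of a store whose path ends with store_name."""
    hits, current_store = [], None
    for line in log_text.splitlines():
        m = STORE_RE.search(line)
        if m:
            current_store = m.group(1)      # remember the most recent store load
            continue
        m = FAIL_RE.search(line)
        if m and current_store and current_store.endswith(store_name):
            hits.append((line[:23], current_store, m.group(1)))
            current_store = None            # one failure per store load
    return hits

def parse_policy(text):
    """Parse key=value lines (assumed properties format) into a dict."""
    policy = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            policy[key.strip()] = value.strip()
    return policy

def policy_allows(policy, sig_alg):
    """True if sig_alg is listed in the policy's includeSigAlg value."""
    allowed = [a.strip() for a in policy.get("includeSigAlg", "").split(";")]
    return sig_alg in [a for a in allowed if a]
```

Run against the real roa.log, an empty result means the port failure has a different cause than the signature algorithm check.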

Updated: 2019-09-12

Document ID: EDOC1100044378
