HUAWEI CLOUD Stack 6.5.0 Alarm and Event Reference 04

ALM-2000724 Certificate Exception Alarm

Description

This alarm is generated when the TaskCenter certificate is about to expire, has expired, is invalid, or does not exist.

Attribute

  • Alarm ID: 2000724
  • Alarm Severity: Critical
  • Auto Clear: Yes

Parameters

  • Resource name: Name of the device for which the alarm is generated
  • Resource type: MONITOR
  • Monitor type: Service monitoring
  • Host IP address: IP address of the host
  • Details: Data in recent periods
  • Threshold: Threshold for generating an alarm

Impact on the System

TaskCenter is unavailable.

Possible Cause

  • If the threshold is 1, the certificate is about to expire.
  • If the threshold is 2, the certificate has expired.
  • If the threshold is 3, the certificate is invalid or does not exist.

Prerequisites

  • You have obtained the root certificate, signed certificate, and password used for generating the certificate store. For example, the root certificate is ca.crt, and the signed certificate is server.crt.
  • A tool for remote access on various platforms, such as PuTTY, is available.
  • You have obtained a file transfer tool, such as WinSCP.
  • You have obtained the management IP address as well as passwords of users apitask and root of the TaskCenter node for which the SSL certificate is to be replaced.
    NOTE:

    The default password of user root is Cloud12#$, that of user apitask is cnp200@HW, and that of the server.keystore certificate is Huadan@szx666.

Procedure

  1. Log in to ManageOne Maintenance Portal using a browser.

    • URL: https://<Address for accessing the homepage of ManageOne Maintenance Portal>:31943, for example, https://oc.type.com:31943
    • Default username: admin; default password: Huawei12#$

  2. On the menu bar in the upper part of the page, choose Alarms > Current Alarms.
  3. In the alarm list, locate the alarm to be handled, and click on the left of the alarm. The Details page is displayed.
  4. Choose Location Info and obtain the host IP address, that is, the IP address of the node where the alarm is generated.
  5. Use PuTTY to log in to the node for which the alarm is generated. Use the node IP address obtained in step 4 to establish the connection.

    The default username is apitask. The default password is cnp200@HW.

  6. Use a network transfer tool, such as WinSCP, to upload the obtained certificate to the /home/apitask directory on the TaskCenter node.
  7. Run the following command and enter the password of the root user to switch to the root user:

    sudo su - root

  8. Run the following command to disable user logout upon timeout:

    TMOUT=0

  9. Run the following command to switch to the directory containing the certificate:

    cd /opt/taskcenter/taskcenter-service/resources/keystore

  10. Run the following command to back up the original certificate store:

    mv server.keystore server.keystore.bak

  11. Run the following commands to generate the new certificate store file, server.keystore:

    cd /home/apitask

    source /etc/profile

    openssl pkcs12 -export -in <Certificate name> -inkey <Private key name> -out server.keystore -name tomcat_server

    For example:

    openssl pkcs12 -export -in server.crt -inkey server.key -out server.keystore -name tomcat_server

  12. Enter the certificate store password twice as prompted. The password must be the same as that of the private key file.
  13. Run the following command to import the root certificate:

    keytool -import -v -trustcacerts -alias ca_root -file <CA certificate name> -keystore server.keystore

    For example, run the following command to import the ca.crt root certificate:

    keytool -import -v -trustcacerts -alias ca_root -file ca.crt -keystore server.keystore

    Information similar to the following is displayed:

    Enter keystore password:

  14. Enter the password of the certificate store and press Enter.
  15. Type yes and press Enter.

    If the following information is displayed, the CA certificate is imported:

    Certificate reply was installed in keystore  
      [Storing server.keystore]

  16. Run the following command and enter the certificate store password as prompted to check whether the certificate is imported successfully:

    keytool -list -v -keystore server.keystore

    If the following information is displayed, the certificate is imported successfully:

    Your keystore contains 2 entries

    NOTE:

    If a message indicating that the keytool command does not exist is displayed in the command output, run the source /etc/profile command to import environment variables.

  17. Run the following commands to set the permissions and owner of the certificate store:

    chmod 600 server.keystore

    chown apitask:apitask server.keystore

  18. Run the following command to copy the certificate store server.keystore, which contains the imported certificate, to the keystore directory:

    cp /home/apitask/server.keystore /opt/taskcenter/taskcenter-service/resources/keystore

  19. Run the following command to delete the certificate files from the /home/apitask directory:

    rm server.keystore ca.crt server.crt

  20. Run the following commands to encrypt the private key password:

    cd /opt/taskcenter/taskcenter-service/bin

    sh kspass.sh ks

    Information similar to the following is displayed:

    Please input the keystore password: 
    Please input the keystore password again: 
    Please input the key password (Press 'ENTER' if same as keystore password):

  21. Enter the certificate store password and key password and press Enter.

    The modification is successful if the following information is displayed:

    Result: success.

    The ciphertext of the randomly generated key password is saved in the TaskCenter configuration file.

  22. Run the following command to switch to the apitask user:

    su - apitask

    Default password: cnp200@HW

  23. Run the following commands to restart TaskCenter:

    sh stop.sh

    sh startup.sh

  24. Run the following command to check whether the TaskCenter process is running properly:

    ps -ef | grep taskcenter | grep -v grep

    If information similar to the following is displayed, the process is running properly:

    apitask 13773 1 0 11:47 ? 00:00:15 /opt/common/jre/bin/java -Dname=taskcenter -classpath ...

    • If yes, the certificate is successfully replaced. Go to step 25.
    • If no, contact technical support for assistance.

  25. Check whether the alarm is cleared.

    • If yes, no further action is required.
    • If no, contact technical support for assistance.
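
The checks below are an added example, not part of the vendor procedure: before server.keystore is built in step 11, they confirm that the signed certificate matches the private key, chains to the root certificate, and is neither expired nor close to expiry, with return codes that mirror the thresholds under Possible Cause. WARN_DAYS, KEY_PASS, the function names and the throwaway demo PKI are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not vendor tooling): pre-flight check of the step 11 inputs.
# Return codes follow the alarm thresholds on this page:
#   0 = usable, 1 = about to expire, 2 = expired, 3 = invalid or missing.
# WARN_DAYS is an assumed window; the page does not give TaskCenter's value.
WARN_DAYS=${WARN_DAYS:-30}

check_cert() {  # usage: check_cert <signed cert> <private key> <root cert>
  local crt="$1" key="$2" ca="$3" f cert_pub key_pub
  for f in "$crt" "$key" "$ca"; do [ -s "$f" ] || return 3; done
  openssl x509 -in "$crt" -noout 2>/dev/null || return 3
  # The certificate and the private key must carry the same public key.
  # KEY_PASS (assumed name) holds the key passphrase; empty if unencrypted.
  export KEY_PASS="${KEY_PASS:-}"
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null |
            openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || return 3
  # Test expiry before the chain: verify also fails on an expired certificate.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || return 2
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 3
  openssl x509 -in "$crt" -noout -checkend $((WARN_DAYS * 86400)) \
    >/dev/null || return 1
  return 0
}

# Constructed sample data: a throwaway root and a server certificate that is
# valid for <days> days, written to <dir> under the file names used above.
make_demo_pki() {  # usage: make_demo_pki <dir> <days>
  local d="$1" days="$2"
  mkdir -p "$d" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo Root" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=taskcenter.example" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days "$days" -out "$d/server.crt" 2>/dev/null
}

# Demo: a 10-day certificate falls inside the 30-day window, so this prints 1.
demo=$(mktemp -d)
make_demo_pki "$demo" 10
rc=0; check_cert "$demo/server.crt" "$demo/server.key" "$demo/ca.crt" || rc=$?
echo "check_cert returned $rc"
rm -rf "$demo"
```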

Reference

None

Updated: 2019-08-30

Document ID: EDOC1100062365
