Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Do If eSight Cannot Start Because No Certificate Exists or the Certificate Expires
Symptom
When a user logs in to the eSight console, a message is displayed, indicating that no certificate exists or the certificate expires, as shown in the following figure.
Figure 9-1 Message indicating that no certificate exists or the certificate expires (Linux)
![]()
Possible Causes
No certificate exists in the eSight installation directory or the certificate expires.
- If the user uses its own certificate, import the certificate to solve the problem. For details about how to import a certificate, see "Security Maintenance > Security Certificates" in the eSight Maintenance Guide.
- If the user uses a self-signed certificate, re-generate the self-signed certificate to solve the problem. The procedure for re-generating a self-signed certificate is as follows.
Procedure
- Linux
- In a high-availability system, perform the following operations only on the active node.
- If the error message eSight environment fails to be checked." containing "The certificate file is about to expire in 90 days or has already expired. is displayed during the startup, go to step 2.
- If no error message is displayed during the startup of the OMMHA two-node cluster and only error message certificate verify failed is displayed when you run the status.sh command to query the two-node cluster status, perform only step 3 to generate the OMMHA two-node cluster certificate.
- Log in to the operating system as the ossuser user.
- Generate a self-signed certificate.
- Configuration through a graphical tool (applicable only to the SUSE Linux operating system)
- Run the configuration file to open the certificate tool.
cd Installation directory/mttools/tools ./catool.sh
- Select Create Self-signed Certificate and click Next.
- Use default settings and click Apply.
- Click Finish.
- Run the configuration file to open the certificate tool.
- Configuration through commands (applicable to the Euler and SUSE Linux operating systems)
es_cli -cmd catool -type self
The es_cli -cmd catool -type self command can be used in eSight V300R010C00SPC500 and later versions.
- Configuration through a graphical tool (applicable only to the SUSE Linux operating system)
- Regenerate the OMMHA two-node cluster certificate.
If eSight is deployed in an OMMHA two-node cluster (with the "/opt/ommha/ha" directory), run the following command to switch to user root:
su - root
Password: Password of the root user
Perform the following operations to regenerate the OMMHA two-node cluster certificate:
cd /opt/ommha/config
sh create_ommha_cert.sh
