从 AIQUM 9.18 续订客户端类型证书,但新证书未安装在 ONTAP 集群中
适用于
- Active IQ Unified Manager(AIQUM) 9.18
- ONTAP 9
- 重新生成 Unified Manager 客户端证书
问题
- 按照重新生成 Unified Manager 客户端证书中提到的步骤续订客户端证书后,新证书未安装在 ONTAP 集群中。
server_acq.log表示更新客户端证书时 ONTAP 授权失败。
2026-02-03 13:30:20,512 INFO [ServerService Thread Pool -- 110] c.n.s.a.s.r.s.p.e.i.AcquisitionFacadeSessionLocalServiceImpl (AcquisitionFacadeSessionLocalServiceImpl.java:269) - Updating cluster certificate details upon client ceritificate regeneration...2026-02-03 13:30:32,649 ERROR [ServerService Thread Pool -- 110] c.n.u.RestUtil (RestUtil.java:267) - Fetching of details from Ontap failed with error code: 4012026-02-03 13:30:36,714 ERROR [ServerService Thread Pool -- 110] c.n.o.n.e.EmsManager (EmsManager.java:437) - Failed to call system-get-version -- : netapp.manage.NaAuthenticationException: Authorization failed...2026-02-03 13:30:36,717 ERROR [ServerService Thread Pool -- 110] c.n.s.a.s.r.s.p.e.i.AcquisitionFacadeSessionLocalServiceImpl (AcquisitionFacadeSessionLocalServiceImpl.java:300) - handleClientCertRegeneration: failed to handle scenario of client certificate regeneration;: java.lang.NullPointerException: Cannot invoke "com.netapp.oci.netapp.ems.EmsUtil$ClientKeyInformation.getClientCertificateKeySerial()" because "clientKeyInformation" is null
- ONTAP
apache-error.log表示同时拒绝 AIQUM 主机的身份验证:
[dot:error] [pid 16361:tid 34402004736] [client [AIQUM-MGMT]:38206] [vserver ID xxxxx] [service rest] Authentication denied for user admin, application http[auth_basic:error] [pid 16361:tid 34402004736] [client [AIQUM-MGMT]:38206] AIQUM-hostname: user admin: authentication failure for "/api/cluster/nodes": Password Mismatch