安装续订的证书后、在集群命令行界面中看不到过期的客户端CA证书

最后更新
另存为PDF

Views:: 5

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

适用场景

ONTAP 9

证书颁发机构(CA)证书

问题描述

发现类型为 client-ca 的 CA 证书即将过期，因此获取了新的 CA 证书并将其安装在集群上。之后、EMS会显示以下EMS消息：

Mon Feb 24 00:00:03 -0800 [Node100a: mgwd: mgmtgwd.certificate.expired:error]: A digital certificate with Fully Qualified Domain Name (FQDN) CA_Cert_Name, Serial Number 5xxxxxx, Certificate Authority 'CAAuth' and type client-ca for Vserver SVM100 has expired.

序列号5xxxxxx是即将到期的旧证书的序列号。

在集群命令行界面中看不到此证书

Cluster::> security certificate show -vserver SVM100 -type client-ca

Vserver Serial Number Certificate Name Type ---------- --------------- -------------------------------------- ------------ SVM100 67D68CA1E92DF92B CA_Cert_Name_68CA1E92DF92B client-ca Certificate Authority: CAAuth Expiration Date: Fri Feb 06 10:27:32 2026

<No information for the original certificate serial number 5xxxxxx>

使用 security certificate show-user-installed 命令也看不到此错误证书。

ASUP (certifice.XML)显示即将到期的证书和已续订的证书：

Name of Vserver FQDN or Custom Common Name Serial Number of Certificate Certificate Authority Type of Certificate Certificate Expiration Date Unique Certificate Name SVM100 adminCert 53B997FF3C33B52D CAAuth client-ca Fri Dec 13 10:47:29 2024 CA_Cert_Name SVM100 adminCert 67D68CA1E92DF92B CAAuth client-ca Fri Feb 06 10:27:32 2026 CA_Cert_Name_68CA1E92DF92B