VNX: Error: Certificate has invalid date. (User Correctable)

           

   Article Number:     514659                                   Article Version: 5     Article Type:    Break Fix 
   

 


Product:

 

Unisphere for VNX,VNX1 Series,VNX2 Series,VNX-VSS Series,VNX5100,VNX5150,VNX5200,VNX5300,VNX5400,VNX5500,VNX5600,VNX5700,VNX5800,VNX7500,VNX7600,VNX8000

 

Issue:

 

 

When trying to connect to the VNX via Unisphere UI the following error appears:   
   
    Certificate Warning   
    The system can not be managed for the following reasons.   
   
    Certificate has invalid date   
   
    Unable to connect with Unisphere/Browser to VNX
                                                           

 

 

Cause:

 

 

The SP SSL certificate is expired which prevents HTTPS communication.    
   
     
                                                           

 

 

Resolution:

 

 

When you click on the details of the certificate you will find that the certificate "valid to": date has expired.   
   
    1. Change the time on your PC/Laptop "from time" to be between the certificate "Valid from:" and "Valid to:"  time.   
    2. Connect via Unisphere to the System and sellect the SPA properties   
    3. Change the SPA time to the current local time.   
    4. Login as administrator user like sysadmin to the array via https://SPA_IP/setup.   
    5. Select "Manage SSL/TLS Certificate"   
   
    There are two possible scenarios here, either a self signed certificate is in use or a CA signed certificate is in use. The more common one is a self-signed certificate but either way works depending on the needs of the environment and whether or not there is a valid CA server that can sign the CSR generated in unisphere.   
   
    (Option 1)   
    Generate a self-signed certificate(See KB 000320471 for more detail):   
    1. Click "Generate a Self-Signed Certificate"   
   
    (Option 2)   
    Create a customer signed CA cert (See KB 000331310 for more detail) :   
    1. Click Generate CSR (Certificate Signing Request)   
    2. Once the signing request is created have the customer get the CSR signed by their CA server.   
    3. Once the CSR is signed it needs to be imported onto the SP. Go back to "Manage SSL/TLS Certificate"   
    4. Click "Import Certificate"   
    5. Upload the certificate that was signed by the CA server.   
   
    Once the new certificate is in place repeat the same steps on SPB and then verify that Unisphere is now accessible.