|Article Number: 514659||Article Version: 5||Article Type: Break Fix|
Unisphere for VNX,VNX1 Series,VNX2 Series,VNX-VSS Series,VNX5100,VNX5150,VNX5200,VNX5300,VNX5400,VNX5500,VNX5600,VNX5700,VNX5800,VNX7500,VNX7600,VNX8000
When trying to connect to the VNX via Unisphere UI the following error appears:
The system can not be managed for the following reasons.
Certificate has invalid date
Unable to connect with Unisphere/Browser to VNX
The SP SSL certificate is expired which prevents HTTPS communication.
When you click on the details of the certificate you will find that the certificate "valid to": date has expired.
1. Change the time on your PC/Laptop "from time" to be between the certificate "Valid from:" and "Valid to:" time.
2. Connect via Unisphere to the System and sellect the SPA properties
3. Change the SPA time to the current local time.
4. Login as administrator user like sysadmin to the array via https://SPA_IP/setup.
5. Select "Manage SSL/TLS Certificate"
There are two possible scenarios here, either a self signed certificate is in use or a CA signed certificate is in use. The more common one is a self-signed certificate but either way works depending on the needs of the environment and whether or not there is a valid CA server that can sign the CSR generated in unisphere.
Generate a self-signed certificate(See KB 000320471 for more detail):
1. Click "Generate a Self-Signed Certificate"
Create a customer signed CA cert (See KB 000331310 for more detail) :
1. Click Generate CSR (Certificate Signing Request)
2. Once the signing request is created have the customer get the CSR signed by their CA server.
3. Once the CSR is signed it needs to be imported onto the SP. Go back to "Manage SSL/TLS Certificate"
4. Click "Import Certificate"
5. Upload the certificate that was signed by the CA server.
Once the new certificate is in place repeat the same steps on SPB and then verify that Unisphere is now accessible.