ALM-12054 The Certificate File Is Invalid

Description

The system checks at 23:00 every day whether the certificate file is invalid (has expired or is not yet valid). This alarm is generated when the certificate file is invalid.

This alarm is cleared if the status of the newly imported certificate is valid.

Attribute

| Alarm ID | Alarm Severity | Automatically Cleared |
|---|---|---|
| 12054 | Major | Yes |

Parameters

| Parameter | Description |
|---|---|
| ServiceName | Specifies the service for which the alarm is generated. |
| RoleName | Specifies the role for which the alarm is generated. |
| HostName | Specifies the host for which the alarm is generated. |

Impact on the System

The system reminds users that the certificate file is invalid. If the certificate file expires, some functions are restricted and cannot be used properly.

Possible Causes

No HA root certificate or HA user certificate is imported, the certificate import fails, or the certificate file is invalid.

Procedure

Locate the alarm cause.

  1. On MRS Manager, view the real-time alarm list and locate the target alarm.

    In the Alarm Details area, view the additional information about the alarm.

    • If CA Certificate is displayed in the additional information, use PuTTY to log in to the active OMS node as user omm and go to Step 2.
    • If HA root Certificate is displayed in the additional information, check Location to obtain the name of the host involved in this alarm. Then use PuTTY to log in to the host as user omm and go to Step 3.
    • If HA server Certificate is displayed in the additional information, check Location to obtain the name of the host involved in this alarm. Then use PuTTY to log in to the host as user omm and go to Step 4.

Check the validity period of the certificate file.

  2. Check whether the current system time is in the validity period of the CA certificate.

    Run the openssl x509 -noout -text -in ${CONTROLLER_HOME}/security/cert/root/ca.crt command to check the effective time and expiration time of the CA certificate.

  3. Check whether the current system time is in the validity period of the HA root certificate.

    Run the openssl x509 -noout -text -in ${CONTROLLER_HOME}/security/certHA/root-ca.crt command to check the effective time and expiration time of the HA root certificate.

  4. Check whether the current system time is in the validity period of the HA user certificate.

    Run the openssl x509 -noout -text -in ${CONTROLLER_HOME}/security/certHA/server.crt command to check the effective time and expiration time of the HA user certificate.

    • If yes, go to Step 8.
    • If no, go to Step 6.

      Example of the effective time and expiration time of an HA/CA certificate:

      Certificate: 
          Data: 
              Version: 3 (0x2) 
              Serial Number: 
                  97:d5:0e:84:af:ec:34:d8 
              Signature Algorithm: sha256WithRSAEncryption 
              Issuer: C=CountryName, ST=State, L=Locality, O=Organization, OU=IT, CN=HADOOP.COM
              Validity 
                  Not Before: Dec 13 06:38:26 2016 GMT           //The effective time. 
                  Not After : Dec 11 06:38:26 2026 GMT             //The expiration time.
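The check in the steps above can be scripted. The following is an added example, not part of the original guide or of MRS: it parses the Validity block that openssl x509 -noout -text prints and classifies each certificate as valid, expired or not yet valid, the two invalid states this alarm covers. The function names parse_validity and classify are hypothetical, and CONTROLLER_HOME is assumed to be set in the session as in the commands above.

```python
import re
import subprocess
from datetime import datetime, timezone

# Date layout openssl prints in the Validity block, e.g. "Dec 13 06:38:26 2016 GMT".
_FMT = "%b %d %H:%M:%S %Y GMT"
_FIELD = re.compile(r"^\s*Not (Before|After)\s*:\s*(.+?GMT)", re.MULTILINE)


def parse_validity(text):
    """Return (not_before, not_after) as UTC datetimes from `openssl x509 -text` output."""
    found = {kind: datetime.strptime(value, _FMT).replace(tzinfo=timezone.utc)
             for kind, value in _FIELD.findall(text)}
    if set(found) != {"Before", "After"}:
        raise ValueError("Validity block not found in openssl output")
    return found["Before"], found["After"]


def classify(text, now=None):
    """Return (state, days_left); state is valid, expired or not_yet_valid."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = parse_validity(text)
    days_left = (not_after - now).days  # negative once the certificate has expired
    if now < not_before:
        return "not_yet_valid", days_left
    if now > not_after:
        return "expired", days_left
    return "valid", days_left


# Constructed sample: the Validity lines from the example output on this page.
SAMPLE = """\
        Validity
            Not Before: Dec 13 06:38:26 2016 GMT
            Not After : Dec 11 06:38:26 2026 GMT
"""

if __name__ == "__main__":
    import os
    home = os.environ["CONTROLLER_HOME"]  # same variable the page's commands use
    for rel in ("security/cert/root/ca.crt", "security/certHA/root-ca.crt",
                "security/certHA/server.crt"):
        path = os.path.join(home, rel)
        out = subprocess.run(["openssl", "x509", "-noout", "-text", "-in", path],
                             capture_output=True, text=True, check=True).stdout
        print(path, *classify(out))
```

Running it as user omm on the node prints one line per certificate with its state and the number of days until expiration.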

Import the certificate file.

  5. Import a new CA certificate file.

    Apply for or generate a CA certificate file and import it to the system. For details, see section Replacing HA Certificates in the Administrator Guide. Manually clear the alarm and check whether this alarm is generated again during periodic check.

    • If yes, go to Step 8.
    • If no, no further action is required.

  6. Import a new HA certificate file.

    Apply for or generate an HA certificate file and import it to the system. For details, see section Replacing HA Certificates in the Administrator Guide. Manually clear the alarm and check whether this alarm is generated again during periodic check.

    • If yes, go to Step 8.
    • If no, no further action is required.

Collect fault information.

  7. On MRS Manager, choose System > Export Log.
  8. Contact technical support engineers for help. For details, see technical support.

Related Information

N/A