HPE 3PAR StoreServ Storage
1745909 Members
4095 Online
108723 Solutions
New Discussion

How to change file persona certification file?

 
SOLVED
Go to solution
zjjprofile
Occasional Contributor

How to change file persona certification file?

hi,guys

    I have a problem about file persona.   

    showvfs  , then I find that the certification  expired .   what should I do? what is the impact of the certification?How can I find the new certification file to replace the old one?

3 REPLIES 3
Mahesh202
HPE Pro
Solution

Re: How to change file persona certification file?

Hi

Thank you for comming on HPE Community Forums.


The below information shows the CLI commands to show the VFS information and generate a new certificate. Most likely the expired certificate will not affect user access to any shares except object and, I believe, ftp shares created with the SSL option. The following coloured text is from the FP Users Guide.

NOTE: Be sure to note the "Certificate Valid Until" field in the displayed output. This serves as a reminder to update the certificate before the indicated date, to avoid interruption of service for clients of Object Access.

I would suggest you have a look at the “Storage Information Library” and also refer to the “Command Line Interface Reference” and FP User Guide. The link for the library is:

https://techlibrary.hpe.com/us/en/storage/info-library/index.aspx#.Xpm2DshKhaQ


The default product is now Primera, so they will have to open the “Products & Solutions” drop down box and choose “3PAR Storeserv Storage” to see the list of available documents.

Hope this helps.

Please find the steps mentioned below on how to how to generate a new VFS certificate when it is reported that it is about to expire.

 

Customer Version
Release version 3.2.2.612 (MU4)
Patches: P56,P59,P84,P85,P92,P94,P95

Customer Event
Event id: 2258487 Node 0 Cust Alert - Yes, Svc Alert - Yes Severity: Degraded
Event time: Mon Feb 19 16:00:01 2018
Event type: evt_fs_vs_cert_state_change Alert ID: 1179 Msg ID: 820001
Component: File Services Virtual Server Certificate 0 defaultCertificate
Short Dsc: File Services Virtual Server Certificate:0:defaultCertificate D
Event String: File Services Virtual Server Certificate:0:defaultCertificate Degraded (DOWN)
<ShortDesc>File Services Virtual Server Certificate:0:defaultCertificate D</ShortDesc>
<EventString>File Services Virtual Server Certificate:0:defaultCertificate Degraded (DOWN)</EventString>
<els>Certificate defaultCertificate for FPG NGRCA7_VFS02 on VirtualServer NGRCA7_VFS02 will be expired on Mon Feb 26 17:53:04 UTC 2018, time remaining is 6 day(s), 17 hr(s), 53 min(s), 3 sec(s)</els>

Customer VFS Certificate information
----- showvfs -d -----
-----------------Virtual File Server-----------------
Virtual File Server : NGRCA7_VFS02
File Provisioning Group : NGRCA7_VFS02
Comment : Virtual File Server2
UUID : d9cb2f38-f911-4505-9f06-fb1776e17830-2
VFSIP ID : 191af4f71c8145d985b113677b5c64e7
VFSIP Address : 55.190.6.21
VFSIP Subnet mask : 255.255.255.0
VFSIP vlanTag : 0
State : normal
Default Block Grace Time (s) : 604800
Default Inode Grace Time (s) : 604800
Snapshot Quota Accounting : Enabled
Certificate Name : defaultCertificate
Certificate Valid From : Fri Feb 27 17:53:04 UTC 2015
Certificate Valid Until : Mon Feb 26 17:53:04 UTC 2018
Certificate Issuer : CN=3PAR, O=Hewlett-Packard Development Company, L=Palo Alto, ST=CA, C=US
Certificate Sub Issuer : CN=3PAR, O=Hewlett-Packard Development Company, L=Palo Alto, ST=CA, C=US
Certificate Serial No. : 0
Certificate Version : 3
Certificate Contents :
….


Lab test
1. Display current VFS certificate expiry date
root@1612326-1 Tue Feb 20 09:00:02:~# showvfs -d -vfs moto
-----------------Virtual File Server-----------------
Virtual File Server : moto
File Provisioning Group : psfpg1
Comment : created by Paul Savoie
UUID : 386eb9e2-e33a-47ee-8e18-40f4204039e4-2
State : normal
Default Block Grace Time (s) : 604800
Default Inode Grace Time (s) : 604800
Snapshot Quota Accounting : Disabled
Certificate Name : defaultCertificate
Certificate Valid From : Mon Jun 05 19:38:55 UTC 2017
Certificate Valid Until : Thu Jun 04 19:38:55 UTC 2020
Certificate Issuer : CN=3PAR, O=Hewlett Packard Enterprise Development LP, L=Palo Alto, ST=CA, C=US
Certificate Sub Issuer : CN=3PAR, O=Hewlett Packard Enterprise Development LP, L=Palo Alto, ST=CA, C=US
Certificate Serial No. : 0
Certificate Version : 3
Certificate Contents :
-----BEGIN CERTIFICATE-----
...

2. Generate a new VFS certificate
root@1612326-1 Tue Feb 20 09:00:52:~# setvfs -certgen moto

3. Display new certificate expiry date
root@1612326-1 Tue Feb 20 09:01:28:~# showvfs -d -vfs moto
-----------------Virtual File Server-----------------
Virtual File Server : moto
File Provisioning Group : psfpg1
Comment : created by Paul Savoie
UUID : 386eb9e2-e33a-47ee-8e18-40f4204039e4-2
State : normal
Default Block Grace Time (s) : 604800
Default Inode Grace Time (s) : 604800
Snapshot Quota Accounting : Disabled
Certificate Name : defaultCertificate
Certificate Valid From : Tue Feb 20 14:01:13 UTC 2018
Certificate Valid Until : Fri Feb 19 14:01:13 UTC 2021
Certificate Issuer : CN=3PAR, O=Hewlett Packard Enterprise Development LP, L=Palo Alto, ST=CA, C=US
Certificate Sub Issuer : CN=3PAR, O=Hewlett Packard Enterprise Development LP, L=Palo Alto, ST=CA, C=US
Certificate Serial No. : 0
Certificate Version : 3
Certificate Contents :
-----BEGIN CERTIFICATE-----
...

 

Hope this Helps!!


Regards
Mahesh202

If you feel this was helpful please click the KUDOS! thumb below!

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo


zjjprofile
Occasional Contributor

Re: How to change file persona certification file?

Thank you very much for your answer. This is very helpful to me

Sanja1
Frequent Advisor

Re: How to change file persona certification file?

@Mahesh202 

I'm having "Certificate for vfs cert expired".

I do not have file persona configured. When i do showvfs -d i get "File Services is not configured on this array."
Cert for unified-server* is until 2026.

Is there some way just to extend vfs cert?