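Notice on RSA Key Pair Loss and PKI Certificate Unavailability After Reboot of MSR and ICG Devices
【Product Models】
Affected products: all MSR series models plus ICG3000D and ICG3000E. The specific models are:
MSR 20-20, MSR 20-21, MSR 20-40, MSR30-16, MSR 30-20, MSR 30-40, MSR 30-60, MSR 50-40, MSR 50-60, MSR 50-40 MPU-G2, MSR 50-60 MPU-G2, MSR9XX, MSR20-1X, MSR30-11, MSR30-1X, MSR93X, MSR2600-10, MSR2600-17, ICG3000D, ICG3000E
【Affected Versions】
E2509 (models MSR2600-10, MSR2600-17, ICG3000D, ICG3000E)
R2508 and R2509 (models MSR 20-20, MSR 20-21, MSR 20-40, MSR30-16, MSR 30-20, MSR 30-40, MSR 30-60, MSR 50-40, MSR 50-60, MSR 50-40 MPU-G2, MSR 50-60 MPU-G2, MSR9XX, MSR20-1X, MSR30-11, MSR30-1X, MSR93X)
【Problem Description】
After an RSA key pair is generated on the device and the configuration is saved, rebooting the device causes the RSA key pair to be lost and the PKI certificate to become unavailable.
The steps to reproduce are as follows:
1. Generate an RSA key pair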
[H3C]public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++
++++++++++++++++++
++++++++
++++++++++++++++
2. View the RSA key pair
[H3C]display public-key local rsa public
Time of Key pair created: 00:06:02 2012/01/01
Key name: HOST_KEY (default)
Key type: RSA
=====================================================
Key code:30819F300D06092A864886F70D010101050003818D0030818902818100E0AC5AC03DB50811DFCED960C245F0703B81CDB1F02579D81BA5FB100899EEBA0
3BB5A29601170F7C2518647C4159CAE754D583152B5DB09406065E01CC70913CB9B2E204182BE0E8431C0A620CE457017520D626C3B1493A599E94762BCDBFFB79D5
68A8FFB6DD659FE0F3482E7AC8EF8FB931D9E69470783C65EBE381190130203010001
Time of Key pair created: 00:06:03 2012/01/01
Key name: SERVER_KEY (default)
Key type: RSA
=====================================================
Key code:307C300D06092A864886F70D0101010500036B003068026100BF06E66AA8C82208D8C5A8C1A1D10D665E549275D337C16F6725BC43E82EA29AD3F27CE1B
F37AA2E9F051824EDBE5F5B3025AB1E29B3D7A412F55C2601D0D686C0F43510FA9075C2B5060B2FD74453C846E136D653D2004A648CC5CA7FF25CA30203010001
3. Save the configuration and reboot
[H3C]save
The current configuration will be written to the device. Are you sure? [Y/N]:
Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait....
Configuration is saved to device successfully.
[H3C]
<H3C>reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
This command will reboot the device. Continue? [Y/N]:y
#Jan 1 00:06:24:391 2012 H3C DEVM/1/REBOOT:
Reboot device by command.
%Jan 1 00:06:24:392 2012 H3C DEVM/5/SYSTEM_REBOOT: System is rebooting now.
Now rebooting, please wait...
<H3C>
System is starting...
Press Ctrl+D to access BASIC-BOOTWARE MENU
Booting Normal Extend BootWare
The Extend BootWare is self-decompressing..................Done!
4. After the reboot the key pair is lost and the PKI certificate is unavailable
<H3C>display public-key local rsa public
<H3C>
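【Cause Analysis】
During device startup, when the key pair is being loaded into memory, an incorrect check by the system causes the load to fail.
【Workaround/Solution】
Upgrade to version R2509P01 or later (R2509P01 included). After upgrading, there is no need to regenerate the local RSA key or request certificates again; the existing certificates and keys remain usable.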
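To check a device for the symptom in step 4, or to confirm after an upgrade that the original keys are still in place, captures of the display public-key local rsa public output taken before and after a reboot can be compared. The following is an added example, not H3C code; the function names and the shortened key codes in the sample captures are constructed for illustration.

```python
import hashlib
import re

def parse_public_keys(cli_output):
    """Map key name -> SHA-256 of its 'Key code' hex, joining wrapped lines."""
    keys, name, parts = {}, None, []
    def flush():
        if name and parts:
            keys[name] = hashlib.sha256("".join(parts).upper().encode()).hexdigest()

    for line in (raw.strip() for raw in cli_output.splitlines()):
        m = re.match(r"Key name:\s*(\S+)", line)
        if m:
            flush()
            name, parts = m.group(1), []
        elif line.startswith("Key code:"):
            parts = [line[len("Key code:"):].strip()]
        elif parts and re.fullmatch(r"[0-9A-Fa-f]+", line):
            parts.append(line)  # continuation of a wrapped key code
    flush()
    return keys

def compare_after_reboot(before, after):
    """Classify each key seen before the reboot as missing, changed or intact."""
    b, a = parse_public_keys(before), parse_public_keys(after)
    return {
        "missing": sorted(n for n in b if n not in a),
        "changed": sorted(n for n in b if n in a and a[n] != b[n]),
        "intact": sorted(n for n in b if a.get(n) == b[n]),
    }

# Constructed captures; the key codes are shortened placeholders, not real keys.
BEFORE = """[H3C]display public-key local rsa public
Time of Key pair created: 00:06:02 2012/01/01
Key name: HOST_KEY (default)
Key type: RSA
=====================================================
Key code:30819F300D06AABBCCDD
EEFF001122334455660203010001
Time of Key pair created: 00:06:03 2012/01/01
Key name: SERVER_KEY (default)
Key type: RSA
=====================================================
Key code:307C300D06998877660203010001
"""
AFTER_FAULT = "<H3C>display public-key local rsa public\n<H3C>\n"  # empty, as in step 4

if __name__ == "__main__":
    print(compare_after_reboot(BEFORE, AFTER_FAULT))
```

A key reported as changed means a new key pair was generated, so a certificate issued for the earlier public key no longer matches it.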
【References】
If you have any questions, contact the Hangzhou H3C Technologies Co., Ltd. service hotline: 4008100504.