Syslog certificate is added successfully but is not listed by the seccertmgmt show command
Applies to
- Brocade switch
Issue
- While importing the syslog certificate from the server to the switch using the switch CLI, it shows empty during validation.
- The syslog certificate is added successfully but is not listed by the "seccertmgmt show" command.
- The issue persists even after performing hareboot and reboot of the switch.
- Tried to delete and re-install the certificate, but the issue still persists.
swirtch-a:FID128:admin> seccertmgmt show -all
ssh private key:
Exists
ssh public keys available for users:
strun
Certificate Files:
--------------------------------------------------------------------------------------------------------------------
Protocol   Client CA   Server CA   SW      CSR     PVT Key   Passphrase
--------------------------------------------------------------------------------------------------------------------
FCAP       Empty       NA          Empty   Empty   Empty     Empty
RADIUS     Empty       Empty       Empty   Empty   Empty     NA
LDAP       Empty       Empty       Empty   Empty   Empty     NA
RSA        NA          Empty       NA      NA      NA        NA
FA         NA          Empty       NA      NA      NA        NA
SYSLOG     Empty       Empty       Empty   Exist   Exist     NA
HTTPS      NA          Empty       Exist   Empty   Exist     NA
KAFKA      NA          Empty       NA      NA      NA        NA
ASC        NA          Empty       NA      NA      NA        NA
Switch-a:FID128:admin> seccertmgmt show -ca -server syslog
No syslog CA certificate found
Switch-a:FID128:admin> seccertmgmt import -ca -server syslog -protocol scp -ipaddr 10.239.91.xx -remotedir /tmp/Brocade_FOS -certname certificate.pem -login xxxxx
Password:
Success: imported syslog server CA certificate [certificate.pem].
Switch-a:FID128:admin> seccertmgmt show -ca -server syslog
No syslog CA certificate found
Switch-a:FID128:admin> seccertmgmt delete -ca -server syslog
WARNING!!!
About to delete syslog CA certificate file(s)
Continue (yes, y, no, n): [no] y
Syslog server CA certificate does not exist
Switch-a:FID128:admin> seccertmgmt import -ca -server syslog -protocol scp -ipaddr 10.239.91.211 -remotedir /tmp/Brocade_FOS -certname certificate.pem -login sharanoa
Password:
Success: imported syslog server CA certificate [certificate.pem].
Switch-a:FID128:admin> seccertmgmt show -ca -server syslog
No syslog CA certificate found
- Supportsave logs show that on the impacted switch the IP address is missing in the syslog-ng.conf file, but it is present in the working switch.
- There were soft links present in the /etc/syslog-ng/ca.d directory:
switch-a:FID128> ls -l /etc/syslog-ng/ca.d
total 12
-rw-r----- 1 root admin 1245 Jan 29 17:39 172.21.210.xxx.csr
lrwxrwxrwx 1 root admin 6 Jan 29 18:57 48ccd5xx.0 -> ca.pem
-rw-r--r-- 1 root admin 0 Jan 29 18:57 ca.pem
lrwxrwxrwx 1 root admin 26 Aug 3 2023 f39d86xx.0 -> /etc/syslog-ng/ca.d/ca.pem
-r-------- 1 root admin 1704 Jan 29 17:36 pvt_key
-rw-r--r-- 1 root admin 58 Jan 29 18:57 syslog_link_hash
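
In the listing above, ca.pem is 0 bytes and both hash links resolve to it. The following check for that condition is an added example, not part of the original article or of any Brocade tooling. The function names and output labels are assumptions, and it needs a root shell or a copy of the directory taken from a supportsave.

```shell
#!/bin/sh
# Added example, not from the original article or from Brocade.
# Flags empty or non-PEM CA files and hash links that resolve to nothing
# usable in a syslog-ng CA directory (or a copy taken from a supportsave).

audit_ca_dir() {
    dir=$1
    for entry in "$dir"/*; do
        name=${entry##*/}
        if [ -L "$entry" ]; then
            if [ ! -e "$entry" ]; then
                # Link target does not exist at all
                echo "DANGLING_LINK $name -> $(readlink "$entry")"
            elif [ ! -s "$entry" ]; then
                # Link resolves, but to a zero-length file
                echo "LINK_TO_EMPTY $name -> $(readlink "$entry")"
            fi
        elif [ -f "$entry" ]; then
            case $name in
                *.pem)
                    if [ ! -s "$entry" ]; then
                        echo "EMPTY_CERT $name"
                    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$entry"; then
                        echo "NOT_PEM $name"
                    fi
                    ;;
            esac
        fi
    done
    return 0
}

# Constructed sample mirroring the listing above (file names come from the
# listing, contents are placeholders); prints the temporary directory path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/ca.pem"                       # 0-byte CA file
    ln -s ca.pem "$d/48ccd5xx.0"          # relative hash link
    ln -s "$d/ca.pem" "$d/f39d86xx.0"     # absolute hash link
    echo "constructed placeholder" > "$d/pvt_key"
    echo "$d"
}

# Usage: sh audit_ca_dir.sh /etc/syslog-ng/ca.d   (script name is hypothetical)
if [ "$#" -gt 0 ]; then audit_ca_dir "$1"; fi
```

No output means every .pem file in the directory is non-empty PEM and every link resolves to a non-empty file.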
