search cancel

Can't access management console WebUI (GUI) after upgrade to From 1.x to 2.x

book

Article ID: 173196

calendar_today

Updated On:

Products

Management Center

Issue/Introduction

After upgrading from 1.x to 2.x Management Center, can't access WebUI Management Console (GUI) over port 8082 of the Management Center. 

Cause

Please find this note made in the Management Center 2.1.1.1 release notes: 

"Upon upgrading from 1.x you may not be able to connect to the MC user interface using HTTPS. If this occurs, you will need to regenerate the default and bluecoat-appliance certificates"‚Äč

Reference:

Important Considerations for Upgrading to Management Center 2.1.1.1

 

 

Resolution

To resolve this issue follow the steps below:

 1. Find out which certificates are missing by issuing the following commands:

>enable
(enter enable mode password)
# ssl view certificate default
# ssl view certificate bluecoat-appliance

If the CLI reports that the certificate is not present, you'll need to create them. 

2. Create the default and bluecoat-appliance certs (depending on which ones were not present based on the previous commands in step 1). 

# ssl create certificate default

At this point, it will ask you for a subject. You can find information on this command in the Management Center CLI Guide under the section, "ssl create"

It will work if you add the hostname in the following format: CN=MCname.mydomain.com

The same can be done for the bluecoat-appliance cert:

# ssl create certificate bluecoat-appliance

--

After the certificates are created you should be able to access the GUI on port 8082 now. 

If you need to import a custom server (appliance) certificates from your PKI please follow the steps in the following article:

ssl inline
https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/management-center/3-1/index/c_config_commands/c_ssl/c_ssl_inline.htmlhttps://support.symantec.com/en_US/article.TECH245761.html

 

WORKAROUND: 

You can enable the HTTP console over port 8080 from the CLI to workaround the issue. To do this, open the CLI and enter the command into the config terminal shell:

>enable
(enter enable mode password)
# config t
(config)# security http enable

After that, you can access the MC via  http://<mc_ip>:8080