The tunnel certificate for server will expire in n days - But you don't have tunnels enabled

Article ID: 415134

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We have started receiving alerts like: 

Severity : Critical Message :The tunnel certificate for <server> (##.#.##.#) will expire in 7 days.
 
However, we don't have tunnels enabled and our hubs communicate via Static Route. Tunnels are in a disabled state on the primary hub, and we have never received these alerts in the last 3 years.
 
Why do I have these messages? 
 

Environment

  • DX UIM 23.4.* 
  • OS: Windows / Linux 

Cause

  • Tunnels always have two ends: a "Tunnel Server", where the certificate is first created, and a "Tunnel Client", where the certificate is copied to. This enables secure connectivity over port 48003.
  • If the Tunnel Server is configured on the primary hub and, after the initial setup, the tunnel is disabled on the server side only, without the Tunnel Client (a secondary hub) being removed as well, the client certificate will still be "running", even though it is not enabling the connection. When that certificate is about to expire, it creates an alarm, even though the tunnel itself is not connected and no longer provides connectivity between the two ends.

Resolution

To resolve this issue:

  • Ensure that communication between the hubs in the environment is provided via Static Route (HUB GUI > Name Services > Check hub list).
  • If communication is enabled via Static Route, it is safe to delete any certificate on any tunnel client and also to disable the tunnel from the HUB GUI on the tunnel client side.
