通过白牌包导入ssl证书失败,报错如下,像是解密证书失败:
但是在web上手动导入可以成功:
请问这是我的证书问题还是怎么回事?
@liujie_11 从日志来看,该证书的内容解析发生了失败,关于证书的管理在 security SIG,这边转接过去并且让责任人进行进一步问题分析。
@lwj 请分析和支撑一下该问题
从日志来看,在证书管理组件传入了文本类证书信息,解码失败了。
在om模块也存在白牌证书解密的失败消息
怀疑白牌证书制作的时候,加密方式和历史版本不一致,可以检查一下白牌证书制作的流程是否正确
这个证书可以在web ssl证书页面导入,这可以说明证书本身没问题么
如果证书本身可以导入,那证书是没问题的,我记得白牌证书的制作是有一部openssl加密的动作,是不是那个动作不太对。制作流程里面是有个密码加密的,具体流程可以找PAE咨询一下
好的 我咨询一下 感谢!
我也有这个问题,同样是同一个ssl证书,web可以导入,wbd升级不能导入。
web导入提示
一键收集,证书,密码,wbd-image.hpm已经邮件发送给你邮箱了,麻烦帮忙看看
@lwj
以下是升级过程中的日志,因为白牌包会清除日志,所以一键收集中可能没有呈现这部分内容
2025-11-04 10:04:28.180424 web_backend NOTICE: init.lua(98): upload content length:number
53897, remaining capacity space:number 134217728
2025-11-04 10:04:28.306724 storage NOTICE: vpd_connector.lua(289): begin update_connector2
2
2025-11-04 10:04:28.428768 firmware_mgmt NOTICE: active_fructl.lua(95): get host type is S
inglehost
2025-11-04 10:04:28.429829 firmware_mgmt NOTICE: utils.lua(36): The file path is Local.
2025-11-04 10:04:28.431907 storage ERROR: vpd_connector.lua(155): get header data failed,
ret is BMC.Error.Unknow: ./opt/bmc/libmc/lualib/mc/context.lua:197: ./opt/bmc/libmc/lualib
/sd_bus/object.lua:314: ./opt/bmc/apps/hwproxy/lualib/hwproxy_objects/app_bus.lua:104: …
bmc/apps/hwproxy/lualib/hwproxy_objects/work_objects.lua:117: chip: Chip_Virtual_SSD_01010
20F, bus: I2c_5, read failed: chip.lua:414: response error, chip internal error, SMC compl
etion code: 4
2025-11-04 10:04:28.432311 storage NOTICE: vpd_connector.lua(243): vpd_connector22 get com
mon header failed
2025-11-04 10:04:28.432890 firmware_mgmt NOTICE: init.lua(79): Upgrading_Flag is true
2025-11-04 10:04:28.432553 storage NOTICE: vpd_connector.lua(267): connector get protocol
is 255
2025-11-04 10:04:28.452183 firmware_mgmt NOTICE: init.lua(40): update status to FS_SIMPLE_
UPGRADING.
2025-11-04 10:04:28.477592 firmware_mgmt NOTICE: task_mgmt.lua(287): Create task[Id: 77508
960, StartTime: 2025-11-04T10:04:28+00:00, Progress: 0, State: New] successfully
2025-11-04 10:04:28.481358 firmware_mgmt NOTICE: task_service.lua(59): task create success
, task id: 77508960
2025-11-04 10:04:28.481959 firmware_mgmt NOTICE: task_id_mgmt.lua(30): add serial task id(
- successfully
2025-11-04 10:04:28.483577 firmware_mgmt NOTICE: tasks_scheduling.lua(121): start tasks pr
ocesser
2025-11-04 10:04:28.578572 firmware_mgmt NOTICE: task_mgmt.lua(418): Update task[Id: 77508
960, StartTime: 2025-11-04T10:04:28+00:00, Progress: 0, State: Running] successfully
2025-11-04 10:04:28.640223 firmware_mgmt NOTICE: file_transfer.lua(141): start to move fil
e [WBD-image.hpm] from tmp to shm
2025-11-04 10:04:28.703812 firmware_mgmt NOTICE: file_transfer.lua(146): move_file_s ok:tr
ue, err:0
2025-11-04 10:04:28.819002 firmware_mgmt NOTICE: validate_sign.lua(195): verify signature
successfully
2025-11-04 10:04:28.819765 firmware_mgmt NOTICE: action.lua(37): Validate signature succes
sfully
2025-11-04 10:04:28.822623 firmware_mgmt NOTICE: hpm_package.lua(757): ManufacturerValidat
eEnabled is false, there is no need to validate manufacture_id.
2025-11-04 10:04:28.999726 firmware_mgmt NOTICE: hpm_package.lua(562): parse cfg file succ
essfully, Version:1.0 FileNum:2
2025-11-04 10:04:29.001134 firmware_mgmt NOTICE: hpm_package.lua(450): get obj table: 0x34
17a3b1dec0 for Id=17
2025-11-04 10:04:29.001770 firmware_mgmt NOTICE: hpm_package.lua(457): get obj table: 0x34
17a3b1dec0 for Id=17
2025-11-04 10:04:29.003099 firmware_mgmt NOTICE: hpm_package.lua(468): get obj table: 0x34
17a3b1dec0 for Id=17
2025-11-04 10:04:29.004168 firmware_mgmt NOTICE: hpm_package.lua(415): System product info
:ProductId(0), ProductVendorID(0x00000001), ProductUniqueID(0x030ABF00)
2025-11-04 10:04:29.005779 firmware_mgmt NOTICE: hpm_package.lua(329): check product id su
ccessfully
2025-11-04 10:04:29.006814 firmware_mgmt NOTICE: hpm_package.lua(376): There is no BoardID
in update.cfg, need not to verify board id
2025-11-04 10:04:29.007876 firmware_mgmt NOTICE: hpm_package.lua(443): get obj table: 0x34
17a3b1dec0 for Id=17
2025-11-04 10:04:29.009262 firmware_mgmt NOTICE: hpm_package.lua(494): hard_revision:0, so
ft_revision:0
2025-11-04 10:04:29.010274 firmware_mgmt NOTICE: hpm_package.lua(507): revision number che
ck successfully. Target revision=(0, 0) and hpm revision=nil
2025-11-04 10:04:29.118967 firmware_mgmt NOTICE: action.lua(47): Parse hpm package success
fully
2025-11-04 10:04:29.135177 firmware_mgmt NOTICE: task_instance.lua(217): upgrade_task file
_name=WBD-image.hpm, FirmwareType=WhiteBranding, fw_num=1, UniqueIDList=nil, sys_id=1, inf
o_key=1_WhiteBranding_77508960
2025-11-04 10:04:29.234821 firmware_mgmt NOTICE: info_mgmt.lua(82): create_info: info_key=
1_WhiteBranding_77508960, FirmwareType=WhiteBranding, task_id=77508960, upg_fw_num=1
2025-11-04 10:04:29.326973 firmware_mgmt NOTICE: task_instance.lua(662): firmware(info key
:1_WhiteBranding_77508960) do upgrade stages
2025-11-04 10:04:29.327564 firmware_mgmt NOTICE: task_instance.lua(295): public initialize
action start
2025-11-04 10:04:29.328279 firmware_mgmt NOTICE: hpm_package.lua(479): get obj table: 0x34
17a3b1dec0 for Id=17
2025-11-04 10:04:29.328775 firmware_mgmt NOTICE: hpm_package.lua(519): now uptime = 5320,
firmware init time = 0
2025-11-04 10:04:29.329418 firmware_mgmt NOTICE: hpm_package.lua(450): get obj table: 0x34
17a3b1dec0 for Id=17
2025-11-04 10:04:29.330026 firmware_mgmt NOTICE: task_instance.lua(300): public initialize
action end
2025-11-04 10:04:29.330567 firmware_mgmt NOTICE: info_mgmt.lua(240): info_key(1_WhiteBrand
ing_77508960) upgrade set_stage: INITIALIZE → DIFF_PREPARE, 5
2025-11-04 10:04:29.427425 firmware_mgmt NOTICE: task_mgmt.lua(418): Update task[Id: 77508
960, StartTime: 2025-11-04T10:04:28+00:00, Progress: 5, State: Starting] successfully
2025-11-04 10:04:29.436900 general_hardware NOTICE: upgrade_subject.lua(82): [on_upgrade_p
repare] firmware_type:WhiteBranding cur_firmware_type:WhiteBranding
2025-11-04 10:04:29.437346 general_hardware ERROR: upgrade_subject.lua(86): [on_upgrade_pr
epare] does not exists the observer, firmware_type:WhiteBranding
2025-11-04 10:04:29.438421 product_mgmt NOTICE: upgrade_mgmt.lua(66): [WBD] start preparin
g upgrade
2025-11-04 10:04:29.447380 firmware_mgmt NOTICE: info_mgmt.lua(393): set FirmwareMode to S
ingle
2025-11-04 10:04:29.448036 firmware_mgmt NOTICE: info_mgmt.lua(240): info_key(1_WhiteBrand
ing_77508960) upgrade set_stage: DIFF_PREPARE → COMMON_PREPARE, 5
2025-11-04 10:04:29.527892 firmware_mgmt NOTICE: action.lua(86): public prepare action sta
rt
2025-11-04 10:04:29.582080 firmware_mgmt NOTICE: worker: start action in worker
2025-11-04 10:04:29.604523 product_mgmt NOTICE: upgrade_mgmt.lua(79): [WBD] complete prepa
ring upgrade, ret=0
2025-11-04 10:04:29.658499 firmware_mgmt NOTICE: worker: execute before action scrip
t successfully
2025-11-04 10:04:30.582926 firmware_mgmt NOTICE: task_instance.lua(673): upgrade FirmwareM
ode Single
2025-11-04 10:04:30.582531 firmware_mgmt NOTICE: action.lua(92): public prepare action end
2025-11-04 10:04:30.683871 firmware_mgmt NOTICE: info_mgmt.lua(240): info_key(1_WhiteBrand
ing_77508960) upgrade set_stage: COMMON_PREPARE → PROCESS, 15
2025-11-04 10:04:30.785444 firmware_mgmt NOTICE: task_mgmt.lua(418): Update task[Id: 77508
960, StartTime: 2025-11-04T10:04:28+00:00, Progress: 15, State: Starting] successfully
2025-11-04 10:04:30.786402 firmware_mgmt NOTICE: task_instance.lua(325): sys_id=1, fw_type
=WhiteBranding, filename=/dev/shm/upgrade/77508960/Firmware1
2025-11-04 10:04:30.795682 product_mgmt NOTICE: upgrade_mgmt.lua(88): [WBD] start processi
ng upgrade
2025-11-04 10:04:30.796705 general_hardware ERROR: upgrade_subject.lua(105): [on_upgrade_p
rocess] does not exists the observer, firmware_type:WhiteBranding
2025-11-04 10:04:31.199998 firmware_mgmt NOTICE: info_mgmt.lua(240): info_key(1_WhiteBrand
ing_77508960) upgrade set_stage: PROCESS → COMMON_FINISH, 95
2025-11-04 10:04:31.280410 firmware_mgmt NOTICE: task_instance.lua(266): wait_msg_result s
tage=COMMON_FINISH, timeout=7200S, loop=4
2025-11-04 10:04:31.281302 firmware_mgmt NOTICE: action.lua(96): public finish action star
t
2025-11-04 10:04:31.312152 firmware_mgmt NOTICE: worker: start action in worker
2025-11-04 10:04:31.334981 firmware_mgmt NOTICE: task_mgmt.lua(418): Update task[Id: 77508
960, StartTime: 2025-11-04T10:04:28+00:00, Progress: 95, State: Starting] successfully
2025-11-04 10:04:31.338924 product_mgmt NOTICE: upgrade_mgmt.lua(94): [WBD] complete proce
ssing upgrade, ret=0
2025-11-04 10:04:31.815837 firmware_mgmt NOTICE: worker: execute finish action scrip
t successfully
2025-11-04 10:04:32.309395 firmware_mgmt NOTICE: action.lua(102): public finish action end
2025-11-04 10:04:32.309808 firmware_mgmt NOTICE: info_mgmt.lua(240): info_key(1_WhiteBrand
ing_77508960) upgrade set_stage: COMMON_FINISH → DIFF_FINISH, 95
2025-11-04 10:04:32.419499 general_hardware ERROR: upgrade_subject.lua(124): [on_upgrade_f
inish] does not exists the observer, firmware_type:WhiteBranding
2025-11-04 10:04:32.422400 product_mgmt NOTICE: upgrade_mgmt.lua(103): [WBD] start finishi
ng upgrade
2025-11-04 10:04:32.429398 om ERROR: l_crypt.c(113): BIO_flush failed
2025-11-04 10:04:32.429462 om ERROR: l_crypt.c(157): Decrypt cert failed.
2025-11-04 10:04:32.432213 security ERROR: comm_utils.c(1484): [certificate] content_to_lo
cal_file: decode client certificate failed.
2025-11-04 10:04:32.432832 certificate ERROR: certificate_collection_base.lua(154): conten
t to file failed, error: content_to_local_file failed! ret code: 1!
2025-11-04 10:04:32.433533 certificate WARNING: init.lua(97): nil:-1 > certificate_collect
ion_ssl.lua:251 > certificate_collection_base.lua:158: Failed to import the certificate.
2025-11-04 10:04:32.434079 certificate ERROR: operation_logger.lua(85): ImportCertWithKey:
CertImportFailed
2025-11-04 10:04:32.437188 product_mgmt ERROR: cert_custom.lua(131): Import wbd cert faile
d! err=CertImportFailed: Failed to import the certificate.
2025-11-04 10:04:34.714518 firmware_mgmt NOTICE: info_mgmt.lua(240): info_key(1_WhiteBrand
ing_77508960) upgrade set_stage: DIFF_FINISH → CLEAR, 95
2025-11-04 10:04:34.717427 firmware_mgmt NOTICE: task_instance.lua(266): wait_msg_result s
tage=CLEAR, timeout=600S, loop=22
2025-11-04 10:04:34.718242 firmware_mgmt NOTICE: task_instance.lua(577): Upgrade 1_WhiteBr
anding_77508960 completely, pre_version=
2025-11-04 10:04:34.719060 firmware_mgmt NOTICE: task_instance.lua(583): firmware(info key
:1_WhiteBranding_77508960) do upgrade ret:0, pre_version:
2025-11-04 10:04:34.812477 product_mgmt NOTICE: upgrade_mgmt.lua(106): [WBD] complete fini
shing upgrade, ret=0
2025-11-04 10:04:34.911742 firmware_mgmt NOTICE: info_mgmt.lua(240): info_key(1_WhiteBrand
ing_77508960) upgrade set_stage: CLEAR → COMPLETED, 100
白牌包定制指南:白牌包介绍 | 文档中心 | openUBMC,不过制作白牌包的资料中的file_list.conf需要包含customize.pfx(这个就是需要解析的ssl证书),如([File10] Name=customize.pfx Path=/data/opt/bmc/conf),customize.pfx的生成方法咨询下华为侧,定制清白牌包的方法就按照资料里来;另外,白牌包升级的过程大致为:1:升级前准备(解析update.cfg,用来判断升级包类型是否为白牌包);2:升级动作执行(解析filelist.cfg,完成定制文件导入到系统指定目录);3:升级后处理(解析web_custom.xml,完成xml文件中的属性定制);你的问题处在第三步,升级后处理这里,解析web_custom.xml之前要先解密并安装一把ssl证书,目前看日志,你们的是在解密并安装ssl证书的时候出错导致白牌包升级失败,需要加解密的人看看咋回事
这个证书没有进行加密,我通过web导入证书的时候也没有导入密钥,就可以导入成功。
但是通过白牌包导入就无法导入成功,我理解不应该有这个解密流程才对,所以问题应该不单单是解密的问题,而是通过白牌包导入证书这整个流程上的问题。
这个问题解决了吗?
加解密是如何处理的?