Thursday, July 7, 2011

How to manually backup SMC

This is a way to backup related files at SMC, can also be used for CMA migration

mkdir /var/tmp/manualyedek
mkdir /var/tmp/manualyedek/conf
mkdir /var/tmp/manualyedek/database
mkdir /var/tmp/manualyedek/conf.cpdir
mkdir /var/tmp/manualyedek/database.cpdir
mkdir /var/tmp/manualyedek/registry
cd $FWDIR/conf
cp -rfL * /var/tmp/manualyedek/conf
cd $FWDIR/database
cp -rfL * /var/tmp/manualyedek/database
cd $CPDIR/conf
cp -rfL * /var/tmp/manualyedek/conf.cpdir
cd $CPDIR/database
cp -rfL * /var/tmp/manualyedek/database.cpdir
cd $CPDIR/registry
cp -rfL * /var/tmp/manualyedek/registry

 cd /var/tmp/
gtar -zcvf manualyedek.tgz manualyedek

The connection has been refused due to one of following SmartCenter Server certificate problems:

1. The SmartCenter Server’s clock is not setup properly.
2. The certificate’s issue date is later than the date of the SmartCentre Server’s clock.
3. The Gui Client’s clock and the SmartCenter Server’s clock are not synchronized.
4. The certificate has expired.
5. The certificate is invalid.

Q:I have several fw modules managing from this SMC, Can they drop traffic or SIC will be reset after this operation ?
A: No, This certificate is related to Smart Console,You dont have to worry about this questions.
Q: Why did I get this warning, What caused this ?
A: May have several issues but most of them are related to low disk space , check usage with # df -h

Solution at SMC :

1. # cd $CPDIR/conf
2. # cp sic_cert.p12 sic_cert.p12old
3. # cpca_client revoke_cert -n "CN=cp_mgmt"
4. # cpca_client create_cert -n "CN=cp_mgmt" -f sic_cert.p12
5. # cpstop;cpstart