ONTAP Discussions

Importing a SSL cert and key for secureadmin

jmalone
4,155 Views

Hi.

Our organization uses wildcard SSL certs (from godaddy) on all of our internal and external servers. All servers share the cert file and the private key. On our previous filer (FAS270, ontap 7.1) I was able to copy the files into /etc/keymgr/cert/secureadmin.key and /etc/keymgr/key/secureadmin.pem and things just worked. I can't get our new FAS2020 (ontap 7.3.5.1) to do that. When I enable secureadmin ssl, I just get the error

  "[shfiler: httpd.socket.listener.create:error]: HTTPS Initialization failure; could not create listener socket."

I notice that when I run secureadmin setup ssl, it creates an encrypted key in keymgr/key/secureadmin.pem but I have no idea what it uses for the passphrase. Do I need to encrypt my key for the filer to accept it?

Thanks,

-Josh

1 ACCEPTED SOLUTION

jmalone
4,051 Views

Naturally, as soon as I post the question, I solve the problem.

It seems that simply running 'secureadmin setup ssl' does whatever the voodoo is needed to get SSL working. After running that and generating a self-signed cert, I'm able to replace the files with the ones from my CA, restart secureadmin ssl and everything is happy. Sorry for the noise post.

-Josh

View solution in original post

1 REPLY 1

jmalone
4,052 Views

Naturally, as soon as I post the question, I solve the problem.

It seems that simply running 'secureadmin setup ssl' does whatever the voodoo is needed to get SSL working. After running that and generating a self-signed cert, I'm able to replace the files with the ones from my CA, restart secureadmin ssl and everything is happy. Sorry for the noise post.

-Josh

Public