2011-03-18 06:44 AM
Our organization uses wildcard SSL certs (from godaddy) on all of our internal and external servers. All servers share the cert file and the private key. On our previous filer (FAS270, ontap 7.1) I was able to copy the files into /etc/keymgr/cert/secureadmin.key and /etc/keymgr/key/secureadmin.pem and things just worked. I can't get our new FAS2020 (ontap 184.108.40.206) to do that. When I enable secureadmin ssl, I just get the error
"[shfiler: httpd.socket.listener.create:error]: HTTPS Initialization failure; could not create listener socket."
I notice that when I run secureadmin setup ssl, it creates an encrypted key in keymgr/key/secureadmin.pem but I have no idea what it uses for the passphrase. Do I need to encrypt my key for the filer to accept it?
Solved! SEE THE SOLUTION
2011-03-18 06:54 AM
Naturally, as soon as I post the question, I solve the problem.
It seems that simply running 'secureadmin setup ssl' does whatever the voodoo is needed to get SSL working. After running that and generating a self-signed cert, I'm able to replace the files with the ones from my CA, restart secureadmin ssl and everything is happy. Sorry for the noise post.