2017-11-30 06:48 AM - edited 2017-11-30 06:50 AM
I am in need of help. Whenever we try to access OCUM and Cluster GUI we always get prompted that the site is not HTTPS secured. What is the way to make it HTTPS secure?
I tried logging into the cluster and issued the "sec certi create" command with option -typ server and common name as the cluster name, to generate a self signed cert but still it persists for the ONTAP Gui. Ocum also displays the same. Any guidance would be much appreciated.
2017-11-30 07:01 AM
Talking about OCUM, are you talking about the attached screenshot? This is under Chrome. You can click the "Advanced" option and add exception for the "self-assigned" certificate from OCUM. There is a similar option for Firefox or IE also.
2017-11-30 07:08 AM
Yes, i am aware of the option but then again it is just a temp workaround to access the site. Still doesnt rectify the unsecure connection though.
I want to make the connection secure, as in https secured.
i want it to be done for both cluster and OCUM.
2017-11-30 02:35 PM
Hello - as Ruijuan points out the message you're getting is from the self-signed certificates leveraged by SystemManager and OCUM. That said, you can install a certificate issued by a trusted CA on both your cluster (thereby addressing the SystemManager warning) as well as install a certificate onto the OCUM server. For our purposes, we chose not to pursue that approach but instead put our infrastructure behind a web load-balancer with internally trusted certificate installed. HTTPS warnings about self-signed certs get stripped before the client sees them and we also consolidate our storage management behind our data center firewall.
If you'd like to pursue the cert installation let me know as I took some notes when we first started down that path (i.e. installing trusted CA certs everywhere).
That said, the warning is mostly just an annoyance - it doesn't indicate anything other than your browser trying to protect you from a potentially unsecure web site. Since there's no chance someone is trying to spoof your SystemManager/OCUM web sites internally by leveraging a self-signed certificate, it's not really a big deal (unless your internal security scanning tools are lighting you up for it).