Subscribe
Accepted Solution

OnCommand Secure or Unsecure?

Today I went to create a new SnapMirror relationship on an existing LUN but was greeted with a warning that asked me if I wanted to setup a secure connection or continue without secure. Obviously I chose the secure connection route but it kept asking until I finally caved in and said continue without secure. Thinking I can just proceed with my task at hand I went to create the SnapMirror relationship but was presented with more SSL troubles.

 

During the SnapMirror wizard it reproted the following:

 

500 Connection has been shutdown:
javax.net.ssl.SSLHandsakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.

I've read a few articles that suggested turning SSL.v2 off and turning on TLS. I even Disabled SSL from the OnCommand System Manager and renabled it, generating a new SSL Cert but nothing seems to work. Below 

 

filer_A> options httpd
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable on
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable on
httpd.admin.top-page.authentication on
httpd.autoindex.enable off
httpd.bypass_traverse_checking off
httpd.enable off
httpd.ipv6.enable off
httpd.log.format common 
httpd.method.trace.enable off
httpd.rootdir /vol/vol0/home/http
httpd.timeout 300 
httpd.timewait.enable off 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on filer_A> secureadmin status
ssh2 - active
ssh1 - inactive
ssl - active

Any thoughts?

 

Thank you in advance.

Re: OnCommand Secure or Unsecure?

I discovered my issue, should anyone else come across this issue. I'm running Windows 7 64-bit with IE 10 and Java 8u45. I think the kicker is Java 8. Here is what I did to correct the issue:

 

Installed the latest version of OnCommand, which at this time is 3.1.2 RC2. On all of my filers I had to enable TLS, and to error on the side of caution I disabled SSLv2.

 

For those like me with little experience with NetApp, the command was "options tls.enable on" and "options ssl.v2.enable off"

 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on

 

Re: OnCommand Secure or Unsecure?

Enabling TLS resolved our problem as per the previous post.  We did not have to disable any SSL.

Re: OnCommand Secure or Unsecure?

thanks for that, spent the last horu looking for a solution with loads of people posting stuff but you'r post fixed it