Subscribe
Accepted Solution

API Err: Failed to install Certificate. Reason: "Failed to write in BIO memory buffer". (13001)

Trying to automate SSL certificate installation on Clustered Data ONTAP 8.3.2P5 for KMIP and NSE.

 

I am able to successfully install my client certificate (subtype kmip-cert) using security-certificate-install.  But it fails when I try to install my server-ca certificate with the error

 

Failed to install Certificate. Reason: "Failed to write in BIO memory buffer". (13001)

 

The raw XML looks like this:

 

INPUT:
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE netapp SYSTEM 'file:/etc/netapp_filer.dtd'>
<netapp xmlns="http://www.netapp.com/filer/admin" version="1.21" nmsdk_version='5.4P2' nmsdk_platform='CentOS Linux release 7.2.1511 x86_64' nmsdk_language='Perl' nmsdk_bindings='1' nmsdk_app='installKMIPCertificate.pl'><security-certificate-install><subtype>kmip-cert</subtype><vserver>redacted</vserver><certificate></certificate><type>server-ca</type><kmip-server-ip>0.0.0.0</kmip-server-ip></security-certificate-install></netapp>

OUTPUT:
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE netapp SYSTEM 'file:/etc/netapp_gx.dtd'>
<netapp version='1.32' xmlns='http://www.netapp.com/filer/admin'>
<results reason="Failed to install Certificate. Reason: &quot;Failed to write in BIO memory buffer&quot;." status="failed" errno="13001"/></netapp>

 

This looks to be an OpenSSL error coming from the cluster itself.

Re: API Err: Failed to install Certificate. Reason: "Failed to write in BIO memory buffer"

Hmm, well it seems that if I install the server-ca certificate first, then the client certificate, it all works.  Hate to answer my own question but oh well, thanks for looking anyways!