https://community.netapp.com/t5/Ask-The-Experts/unable-to-connect-NetApp-Harvest-to-FAS2650/m-p/145996#M325 <P>Hi Axsys,</P> <P>&nbsp;</P> <P>I am not familiar with authentication algorithms, from what I found on the web it seems like your client and server are trying to exchange public keys of different lengths (512 bit vs 1024 bit).</P> <P>&nbsp;</P> <P>Did you try to use login/password as authentication instead of certificate?</P> Thu, 17 Jan 2019 17:10:41 GMT vachagan_gratian 2019-01-17T17:10:41Z https://community.netapp.com/t5/Ask-The-Experts/unable-to-connect-NetApp-Harvest-to-FAS2650/m-p/145965#M324 <P>hi all,</P> <P>&nbsp;</P> <P>We are having issues connecting NetApp Harvest to a cluster on one of our remote sites.&nbsp; This site has a relatively new pair of FAS2650 filers.... we have already implemented Harvest successfully elsewhere.</P> <P>&nbsp;</P> <P>We already ran these commands as taken from NetApp Harvest documtation, on the target filer.....</P> <P>security login role create -role netapp-harvest-role -access readonly -cmddirname "version"</P> <P>security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster identity show"</P> <P>security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster show"</P> <P>security login role create -role netapp-harvest-role -access readonly -cmddirname "system node show"</P> <P>security login role create -role netapp-harvest-role -access readonly -cmddirname "statistics"</P> <P>security login role create -role netapp-harvest-role -access readonly -cmddirname "lun show"</P> <P>security login role create -role netapp-harvest-role -access readonly -cmddirname "network interface show"</P> <P>security login role create -role netapp-harvest-role -access readonly -cmddirname "qos workload show"</P> <P>security certificate install -type client-ca -vserver&nbsp;<EM>vserver_name</EM></P> <P>&nbsp;</P> <P>-----BEGIN CERTIFICATE-----</P> <P><EM>certificate was pasted here....</EM></P> <P>-----END CERTIFICATE-----</P> <P>&nbsp;</P> <P>security ssl modify -client-enabled true -vserver <EM>vserver_name</EM></P> <P>security login create -user-or-group-name netapp-harvest -application ontapi -role netapp-harvest-role -authmethod cert</P> <P>&nbsp;</P> <P>We then recieved these messages/errors:</P> <P>[2018-11-27 17:23:39] [NORMAL ] WORKER STARTED [Version: 1.4] [Conf: netapp-harvest.conf] [Poller: <EM>filer_name</EM>]</P> <P>[2018-11-27 17:23:39] [NORMAL ] [main] Poller will monitor a [FILER] at [<EM>ip_address</EM>:443]</P> <P>[2018-11-27 17:23:39] [NORMAL ] [main] Poller will use [ssl_cert] authentication with ssl_cert [netapp-harvest.pem] and ssl_key [netapp-harvest.key]</P> <P>[2018-11-27 17:23:39] [WARNING] [sysinfo] Update of system-info cache DOT Version failed with reason: Server returned HTTP Error:</P> <P>[2018-11-27 17:23:39] [WARNING] [main] system-info update failed; will try again in 10 seconds.</P> <P>&nbsp;</P> <P><STRONG>Curl output:</STRONG></P> <P>[root@ ~]# curl &nbsp;-H "Accept: application/json" "<A href="https://172.17.241.40/devmgr/v2/storage-systems/1/device-alerts%22" target="_blank">https://<EM>I</EM></A><EM>P_address</EM>"--insecure -v</P> <P>* About to connect() to <A href="https://172.17.241.40/devmgr/v2/storage-systems/1/device-alerts%22" target="_blank"><EM>I</EM></A><EM>P_address</EM> port 443 (#0)</P> <P>* &nbsp;&nbsp;Trying <A href="https://172.17.241.40/devmgr/v2/storage-systems/1/device-alerts%22" target="_blank"><EM>I</EM></A><EM>P_address</EM>...</P> <P>* Connected to <A href="https://172.17.241.40/devmgr/v2/storage-systems/1/device-alerts%22" target="_blank"><EM>I</EM></A><EM>P_address</EM> (<A href="https://172.17.241.40/devmgr/v2/storage-systems/1/device-alerts%22" target="_blank"><EM>I</EM></A><EM>P_address</EM>) port 443 (#0)</P> <P>* Initializing NSS with certpath: sql:/etc/pki/nssdb</P> <P>* skipping SSL peer certificate verification</P> <P>* NSS error -12156 (SSL_ERROR_WEAK_SERVER_CERT_KEY)</P> <P>* The server certificate included a public key that was too weak.</P> <P>* Closing connection 0</P> <P>curl: (35) The server certificate included a public key that was too weak.</P> <P>&nbsp;</P> <P>Any advice/suggestions would be very much appreciated!&nbsp; thanks....</P> Wed, 16 Jan 2019 16:59:34 GMT https://community.netapp.com/t5/Ask-The-Experts/unable-to-connect-NetApp-Harvest-to-FAS2650/m-p/145965#M324 axsys 2019-01-16T16:59:34Z https://community.netapp.com/t5/Ask-The-Experts/unable-to-connect-NetApp-Harvest-to-FAS2650/m-p/145996#M325 <P>Hi Axsys,</P> <P>&nbsp;</P> <P>I am not familiar with authentication algorithms, from what I found on the web it seems like your client and server are trying to exchange public keys of different lengths (512 bit vs 1024 bit).</P> <P>&nbsp;</P> <P>Did you try to use login/password as authentication instead of certificate?</P> Thu, 17 Jan 2019 17:10:41 GMT https://community.netapp.com/t5/Ask-The-Experts/unable-to-connect-NetApp-Harvest-to-FAS2650/m-p/145996#M325 vachagan_gratian 2019-01-17T17:10:41Z