Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

Certificate Based Authentication against Unified Manager 6.4

acjackson

Hello,

 

I'm trying to setup Certificate Based Authentication against Unified Manager 6.4 to use with NMSDK.

I did manage to setup CBA against DFM 5.2, but I didnt found any option on the Unified Manager: the "dfm" command on console has no 'dfm ssl service' option anymore

Because I couldn't find any topic on CBA in the Unified Manager 6.4 manual either, I am not sure, if it's still supported.

 

Do I have to use LDAP for certificate based authentication?

 

 

 

 

 

1 ACCEPTED SOLUTION

madden

Hi @acjackson

 

 

I do not believe SSL cert based auth is possible with Unified Manager 6+ releases.  I checked the SDK 5.5 docs and found this that agrees:

 

NaServer::set_style

 

 

$style

The authentication style

Following are the supported values:

  • HOSTS—to use the hosts.equiv file on the storage system to determine access rights.

  • LOGIN—to provide user name and password information. You can set the user name by using the API set_admin_user.

  • CERTIFICATE—to use certificates to authenticate clients who attempt to connect to a server, without using login credentials. This style automatically sets HTTPS as the transport mechanism. You can use this authentication mechanism for clustered Data ONTAP 8.2 and OnCommand Unified Manager 5.0.2, 5.1, and 5.2.

To authenticate the server, server certificate verification and hostname verification is required.

For more information, see the APIsNaServer::set_client_cert_and_key(),NaServer::set_ca_certs(),NaServer::set_server_cert_verification(),andNaServer::set_hostname_verification().

 

 

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

 

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

View solution in original post

1 REPLY 1

madden

Hi @acjackson

 

 

I do not believe SSL cert based auth is possible with Unified Manager 6+ releases.  I checked the SDK 5.5 docs and found this that agrees:

 

NaServer::set_style

 

 

$style

The authentication style

Following are the supported values:

  • HOSTS—to use the hosts.equiv file on the storage system to determine access rights.

  • LOGIN—to provide user name and password information. You can set the user name by using the API set_admin_user.

  • CERTIFICATE—to use certificates to authenticate clients who attempt to connect to a server, without using login credentials. This style automatically sets HTTPS as the transport mechanism. You can use this authentication mechanism for clustered Data ONTAP 8.2 and OnCommand Unified Manager 5.0.2, 5.1, and 5.2.

To authenticate the server, server certificate verification and hostname verification is required.

For more information, see the APIsNaServer::set_client_cert_and_key(),NaServer::set_ca_certs(),NaServer::set_server_cert_verification(),andNaServer::set_hostname_verification().

 

 

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

 

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

View solution in original post

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public