Active IQ Unified Manager Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active IQ Unified Manager Discussions

Ask a Question

How to make OCUM and ONTAP GUI Https secure

Anirban
NetApp
‎2017-11-30 06:48 AM
7,041 Views

Hi ,

I am in need of help. Whenever we try to access OCUM and Cluster GUI we always get prompted that the site is not HTTPS secured. What is the way to make it HTTPS secure?

I tried logging into the cluster and issued the "sec certi create" command with option -typ server and common name as the cluster name, to generate a self signed cert but still it persists for the ONTAP Gui. Ocum also displays the same. Any guidance would be much appreciated.

0 Kudos
View By:
4 REPLIES 4

ruijuan
NetApp
‎2017-11-30 07:01 AM
7,033 Views

Talking about OCUM, are you talking about the attached screenshot? This is under Chrome. You can click the "Advanced" option and add exception for the "self-assigned" certificate from OCUM. There is a similar option for Firefox or IE also.

Preview file
43 KB
0 Kudos

Anirban
NetApp
‎2017-11-30 07:08 AM
In response to ruijuan
7,024 Views

Yes, i am aware of the option but then again it is just a temp workaround to access the site. Still doesnt rectify the unsecure connection though.
I want to make the connection secure, as in https secured.

i want it to be done for both cluster and OCUM.

error.jpg

0 Kudos

ruijuan
NetApp
‎2017-11-30 12:32 PM
In response to Anirban
6,973 Views

I can only speak for OCUM. yes, this is a secure https. You have to add it as exception simply because OCUM has self-signed certificate.

0 Kudos

colsen
NetApp A-Team
‎2017-11-30 02:35 PM
6,915 Views

Hello - as Ruijuan points out the message you're getting is from the self-signed certificates leveraged by SystemManager and OCUM.  That said, you can install a certificate issued by a trusted CA on both your cluster (thereby addressing the SystemManager warning) as well as install a certificate onto the OCUM server.  For our purposes, we chose not to pursue that approach but instead put our infrastructure behind a web load-balancer with internally trusted certificate installed.  HTTPS warnings about self-signed certs get stripped before the client sees them and we also consolidate our storage management behind our data center firewall.

 

If you'd like to pursue the cert installation let me know as I took some notes when we first started down that path (i.e. installing trusted CA certs everywhere).  

 

That said, the warning is mostly just an annoyance - it doesn't indicate anything other than your browser trying to protect you from a potentially unsecure web site.  Since there's no chance someone is trying to spoof your SystemManager/OCUM web sites internally by leveraging a self-signed certificate, it's not really a big deal (unless your internal security scanning tools are lighting you up for it).

 

Thanks,

 

Chris

0 Kudos
Announcements
All Community Forums
Public