The transition to NetApp MS Azure AD B2C is complete. If you missed the pre-registration, you will be invited to reigister at next log in.
Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

Ocum and dataontap c-cmode ca-signed certificates: "Unreachable cluster"

rtorresani

Hi all,

 our netapp running dataontap 8.3 are to expiring ssl certificates.

 

I followed those instructions:

 

- "Installing a server certificate to authenticate the cluster or SVM as an SSL server" (system admin guide x cluster admins 8.3)

- KB ID: 1014389 "How to renew an SSL certificate in clustered Data ONTAP"

 

using a CA signed certificate (our internal CA).

 

System manager works fine and is using the correct certificate, but in Ocum albeit it asks me "should I trust the CA" (I answered yes of course) I started getting "Unreachable cluster".

I tried to rediscover the cluster, but the error remains.

Finally I removed the CA-signed certificate and generate a self-signed certificate, and with this one it works fine.

 

Are there any particular procedure to follow to use CA signed certs?

 

Roberto

4 REPLIES 4

argiri

Can you please clarify whether the ocum is 5.x or 6.x?

 

Thanks

Giridhar

rtorresani

The version involved are dataontap 8.3p2 and ocum 6.3

 

Roberto

msaravan

Hi Robert,

 

Thanks for reaching out to us. I heard this problem from one of the other customer too.


Can you please provide the following information to diagnose it further: 

 

* Screen shot of the error

* Your actual certificate (If you dont want to share the information over community, please mail me the details to msaravan@netapp.com. 

* Are you using Windows CA server to sign the certificates ? Can you please brief more about the configuration of your CA server.

 

If it is of high interest to monitor this system from OCUM, you can use HTTP protocol for time being until this issue gets fixed.

 

Regards,

Saravanan

rtorresani

Hello,

 yes it's a Windows CA, but I found out a strange behaviour: after 24 hours of complaining about "cluster not reachable", suddendly OCUM managed to monitor the cluster and the error went away.

 

Googling around I read something about session pooling where sessions keeps using old certificate, but I can remember where I read this.

 

Does it sounds meaningful ?

 

Cheers,

Roberto

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public