Active IQ Unified Manager Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active IQ Unified Manager Discussions

Ask a Question

OnCommand Secure or Unsecure?

tlpitch
‎2015-06-02 11:33 AM
7,985 Views

Today I went to create a new SnapMirror relationship on an existing LUN but was greeted with a warning that asked me if I wanted to setup a secure connection or continue without secure. Obviously I chose the secure connection route but it kept asking until I finally caved in and said continue without secure. Thinking I can just proceed with my task at hand I went to create the SnapMirror relationship but was presented with more SSL troubles.

 

During the SnapMirror wizard it reproted the following:

 

500 Connection has been shutdown:
javax.net.ssl.SSLHandsakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.

I've read a few articles that suggested turning SSL.v2 off and turning on TLS. I even Disabled SSL from the OnCommand System Manager and renabled it, generating a new SSL Cert but nothing seems to work. Below 

 

filer_A> options httpd
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable on
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable on
httpd.admin.top-page.authentication on
httpd.autoindex.enable off
httpd.bypass_traverse_checking off
httpd.enable off
httpd.ipv6.enable off
httpd.log.format common 
httpd.method.trace.enable off
httpd.rootdir /vol/vol0/home/http
httpd.timeout 300 
httpd.timewait.enable off 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on 

filer_A> secureadmin status
ssh2 - active
ssh1 - inactive
ssl - active

Any thoughts?

 

Thank you in advance.

0 Kudos
View By:
1 ACCEPTED SOLUTION

tlpitch
‎2015-06-03 04:10 AM
7,958 Views

I discovered my issue, should anyone else come across this issue. I'm running Windows 7 64-bit with IE 10 and Java 8u45. I think the kicker is Java 8. Here is what I did to correct the issue:

 

Installed the latest version of OnCommand, which at this time is 3.1.2 RC2. On all of my filers I had to enable TLS, and to error on the side of caution I disabled SSLv2.

 

For those like me with little experience with NetApp, the command was "options tls.enable on" and "options ssl.v2.enable off"

 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on

 

View solution in original post

0 Kudos
3 REPLIES 3

tlpitch
‎2015-06-03 04:10 AM
7,959 Views

I discovered my issue, should anyone else come across this issue. I'm running Windows 7 64-bit with IE 10 and Java 8u45. I think the kicker is Java 8. Here is what I did to correct the issue:

 

Installed the latest version of OnCommand, which at this time is 3.1.2 RC2. On all of my filers I had to enable TLS, and to error on the side of caution I disabled SSLv2.

 

For those like me with little experience with NetApp, the command was "options tls.enable on" and "options ssl.v2.enable off"

 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on

 

0 Kudos

iTB
‎2015-08-12 01:30 PM
In response to tlpitch
7,656 Views

Enabling TLS resolved our problem as per the previous post.  We did not have to disable any SSL.

0 Kudos

JMaartenW
‎2016-02-16 08:46 AM
In response to tlpitch
6,462 Views

thanks for that, spent the last horu looking for a solution with loads of people posting stuff but you'r post fixed it

0 Kudos
All Community Forums
Public