Active IQ Unified Manager Discussions

OnCommand Secure or Unsecure?


Today I went to create a new SnapMirror relationship on an existing LUN but was greeted with a warning that asked me if I wanted to setup a secure connection or continue without secure. Obviously I chose the secure connection route but it kept asking until I finally caved in and said continue without secure. Thinking I can just proceed with my task at hand I went to create the SnapMirror relationship but was presented with more SSL troubles.


During the SnapMirror wizard it reproted the following:


500 Connection has been shutdown: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.

I've read a few articles that suggested turning SSL.v2 off and turning on TLS. I even Disabled SSL from the OnCommand System Manager and renabled it, generating a new SSL Cert but nothing seems to work. Below 


filer_A> options httpd
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable on
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable on on
httpd.autoindex.enable off
httpd.bypass_traverse_checking off
httpd.enable off
httpd.ipv6.enable off
httpd.log.format common 
httpd.method.trace.enable off
httpd.rootdir /vol/vol0/home/http
httpd.timeout 300 
httpd.timewait.enable off 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on filer_A> secureadmin status
ssh2 - active
ssh1 - inactive
ssl - active

Any thoughts?


Thank you in advance.


Re: OnCommand Secure or Unsecure?


I discovered my issue, should anyone else come across this issue. I'm running Windows 7 64-bit with IE 10 and Java 8u45. I think the kicker is Java 8. Here is what I did to correct the issue:


Installed the latest version of OnCommand, which at this time is 3.1.2 RC2. On all of my filers I had to enable TLS, and to error on the side of caution I disabled SSLv2.


For those like me with little experience with NetApp, the command was "options tls.enable on" and "options ssl.v2.enable off"


filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on


View solution in original post

Re: OnCommand Secure or Unsecure?


Enabling TLS resolved our problem as per the previous post.  We did not have to disable any SSL.

Re: OnCommand Secure or Unsecure?


thanks for that, spent the last horu looking for a solution with loads of people posting stuff but you'r post fixed it

2021 NetApp Partner Experience Survey
PES Banner
All Community Forums