Active IQ Unified Manager Discussions

OnCommand Secure or Unsecure?

tlpitch
7,712 Views

Today I went to create a new SnapMirror relationship on an existing LUN but was greeted with a warning that asked me if I wanted to setup a secure connection or continue without secure. Obviously I chose the secure connection route but it kept asking until I finally caved in and said continue without secure. Thinking I can just proceed with my task at hand I went to create the SnapMirror relationship but was presented with more SSL troubles.

 

During the SnapMirror wizard it reproted the following:

 

500 Connection has been shutdown:
javax.net.ssl.SSLHandsakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.

I've read a few articles that suggested turning SSL.v2 off and turning on TLS. I even Disabled SSL from the OnCommand System Manager and renabled it, generating a new SSL Cert but nothing seems to work. Below 

 

filer_A> options httpd
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable on
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable on
httpd.admin.top-page.authentication on
httpd.autoindex.enable off
httpd.bypass_traverse_checking off
httpd.enable off
httpd.ipv6.enable off
httpd.log.format common 
httpd.method.trace.enable off
httpd.rootdir /vol/vol0/home/http
httpd.timeout 300 
httpd.timewait.enable off 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on filer_A> secureadmin status
ssh2 - active
ssh1 - inactive
ssl - active

Any thoughts?

 

Thank you in advance.

1 ACCEPTED SOLUTION

tlpitch
7,685 Views

I discovered my issue, should anyone else come across this issue. I'm running Windows 7 64-bit with IE 10 and Java 8u45. I think the kicker is Java 8. Here is what I did to correct the issue:

 

Installed the latest version of OnCommand, which at this time is 3.1.2 RC2. On all of my filers I had to enable TLS, and to error on the side of caution I disabled SSLv2.

 

For those like me with little experience with NetApp, the command was "options tls.enable on" and "options ssl.v2.enable off"

 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on

 

View solution in original post

3 REPLIES 3

tlpitch
7,686 Views

I discovered my issue, should anyone else come across this issue. I'm running Windows 7 64-bit with IE 10 and Java 8u45. I think the kicker is Java 8. Here is what I did to correct the issue:

 

Installed the latest version of OnCommand, which at this time is 3.1.2 RC2. On all of my filers I had to enable TLS, and to error on the side of caution I disabled SSLv2.

 

For those like me with little experience with NetApp, the command was "options tls.enable on" and "options ssl.v2.enable off"

 

filer_A> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable on

filer_A> options tls
tls.enable on

 

iTB
7,383 Views

Enabling TLS resolved our problem as per the previous post.  We did not have to disable any SSL.

JMaartenW
6,189 Views

thanks for that, spent the last horu looking for a solution with loads of people posting stuff but you'r post fixed it

Public