installing letsencrypt certificate in ocum

grocanar · ‎2023-02-06

Hi

I m trying to install a letsencrypt certificate in my ocum server but i got the follwing messages

Failed to install certificate: A valid full certificate chain from the host certificate to the Certificate Authority's certificate must be provided.

I have carefully followed the instruction from here

https://docs.netapp.com/us-en/active-iq-unified-manager/config/concept_install_https_certificate_generated_using_external_tools.html

my fqdn is ocum.admin.ibfj-evry.fr

the fullchain output file give me

openssl crl2pkcs7 -nocrl -certfile fullchain.pem | openssl pkcs7 -print_certs -noout
subject=/CN=ocum.admin.ibfj-evry.fr
issuer=/C=US/O=Let's Encrypt/CN=R3

subject=/C=US/O=Let's Encrypt/CN=R3
issuer=/C=US/O=Internet Security Research Group/CN=ISRG Root X1

subject=/C=US/O=Internet Security Research Group/CN=ISRG Root X1
issuer=/O=Digital Signature Trust Co./CN=DST Root CA X3

then i have a valid full certificate chain from the host certificate to the Certificate Authority's certificate

i have prepend the private key file.

but i got no luck

how can i debug this problem.?

vedantsethia · ‎2023-02-07

Hi Eric,

I am not a OCUM guy. But from the error message, it looks like the server does not trust the cert authority.
I found this document which might help you: https://kb.netapp.com/Advice_and_Troubleshooting/Data_Infrastructure_Management/Active_IQ_Unified_Manager/How_to_generate_and_convert_a_signed_certifi...

Thanks

Vedant

grocanar · ‎2023-03-08

Hi

I can't use this link as the key and the cert are generated externally.
in the link onegenerate a csr to be sign which is impossible qith letsencrypt
i follow the instructions in the link i give but with no luck