Active IQ and AutoSupport Discussions

installing letsencrypt certificate in ocum

grocanar
1,356 Views

Hi

I m trying to install a letsencrypt certificate in my ocum server but i got the follwing messages

Failed to install certificate: A valid full certificate chain from the host certificate to the Certificate Authority's certificate must be provided.

 

I have carefully followed the instruction from here

https://docs.netapp.com/us-en/active-iq-unified-manager/config/concept_install_https_certificate_generated_using_external_tools.html

 

my fqdn is ocum.admin.ibfj-evry.fr 

 

the fullchain output file give me 

openssl crl2pkcs7 -nocrl -certfile fullchain.pem | openssl pkcs7 -print_certs -noout
subject=/CN=ocum.admin.ibfj-evry.fr
issuer=/C=US/O=Let's Encrypt/CN=R3

 

subject=/C=US/O=Let's Encrypt/CN=R3
issuer=/C=US/O=Internet Security Research Group/CN=ISRG Root X1

 

subject=/C=US/O=Internet Security Research Group/CN=ISRG Root X1
issuer=/O=Digital Signature Trust Co./CN=DST Root CA X3

 

then i have a valid  full certificate chain from the host certificate to the Certificate Authority's certificate

 

i have prepend the private key file.

 

but i got no luck

how can i debug this problem.? 

 

2 REPLIES 2

vedantsethia
1,316 Views

Hi Eric, 

I am not a OCUM guy. But from the error message, it looks like the server does not trust the cert authority.
I found this document which might help you: https://kb.netapp.com/Advice_and_Troubleshooting/Data_Infrastructure_Management/Active_IQ_Unified_Manager/How_to_generate_and_convert_a_signed_certifi... 

 

Thanks

Vedant

grocanar
1,091 Views

Hi

I can't use this link as the key and the cert are generated externally.
in the link onegenerate a csr to be sign which is impossible qith letsencrypt
i follow the instructions in the link i give but with no luck 

Public