Ask The Experts

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ask The Experts

Ask a Question

unable to connect NetApp Harvest to FAS2650

axsys
‎2019-01-16 08:58 AM
2,998 Views

hi all,

 

We are having issues connecting NetApp Harvest to a cluster on one of our remote sites.  This site has a relatively new pair of FAS2650 filers.... we have already implemented Harvest successfully elsewhere.

 

We already ran these commands as taken from NetApp Harvest documtation, on the target filer.....

security login role create -role netapp-harvest-role -access readonly -cmddirname "version"

security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster identity show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "system node show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "statistics"

security login role create -role netapp-harvest-role -access readonly -cmddirname "lun show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "network interface show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "qos workload show"

security certificate install -type client-ca -vserver vserver_name

 

-----BEGIN CERTIFICATE-----

certificate was pasted here....

-----END CERTIFICATE-----

 

security ssl modify -client-enabled true -vserver vserver_name

security login create -user-or-group-name netapp-harvest -application ontapi -role netapp-harvest-role -authmethod cert

 

We then recieved these messages/errors:

[2018-11-27 17:23:39] [NORMAL ] WORKER STARTED [Version: 1.4] [Conf: netapp-harvest.conf] [Poller: filer_name]

[2018-11-27 17:23:39] [NORMAL ] [main] Poller will monitor a [FILER] at [ip_address:443]

[2018-11-27 17:23:39] [NORMAL ] [main] Poller will use [ssl_cert] authentication with ssl_cert [netapp-harvest.pem] and ssl_key [netapp-harvest.key]

[2018-11-27 17:23:39] [WARNING] [sysinfo] Update of system-info cache DOT Version failed with reason: Server returned HTTP Error:

[2018-11-27 17:23:39] [WARNING] [main] system-info update failed; will try again in 10 seconds.

 

Curl output:

[root@ ~]# curl  -H "Accept: application/json" "https://IP_address"--insecure -v

* About to connect() to IP_address port 443 (#0)

*   Trying IP_address...

* Connected to IP_address (IP_address) port 443 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* skipping SSL peer certificate verification

* NSS error -12156 (SSL_ERROR_WEAK_SERVER_CERT_KEY)

* The server certificate included a public key that was too weak.

* Closing connection 0

curl: (35) The server certificate included a public key that was too weak.

 

Any advice/suggestions would be very much appreciated!  thanks....

0 Kudos
Tags (1)
1 REPLY 1

vachagan_gratian
NetApp
‎2019-01-17 09:10 AM
2,946 Views

Hi Axsys,

 

I am not familiar with authentication algorithms, from what I found on the web it seems like your client and server are trying to exchange public keys of different lengths (512 bit vs 1024 bit).

 

Did you try to use login/password as authentication instead of certificate?

0 Kudos
All Community Forums
Public