Legacy Product Discussions (RO)

Can't start Filerview (3140)

bobby_gillette
8,093 Views

When I try to open Filerview using https://.../na_admin I get can't open. I'm thinking I need to regenerate keys using keymgr, just don't have any experience doing so. Any help would be appreciated!

1 ACCEPTED SOLUTION

ekashpureff
8,093 Views

You need to use the 'secureadmin' command to set up ssl.

secureadmin setup [ -f ] [ -q ] ssl configures the SSL server. The administrator needs to specify the distinguished name (DN) for the appliance.

The process generates a Certificate Signing Request (CSR) and a temporary self-signed certificate. The CSR,    located    in     /etc/keymgr/csr/secureadmin_tmp.pem, can optionally be submitted to a Certificate Authority (CA) for signing. The selfsigned certificate allows the SSL server to work without submitting the CSR to a CA. However, the browser may issue a security warning that the appliance's identity cannot be verified. In the US, the administrator can specify the key strengths of 512, 1024, 1536, or 2048. Otherwise it is set to 512.

The -f flag forces setup to run even if the SSL server has already been configured.

The
-q flag is the non-interactive mode for setting up SSL. The format for this command looks like "secureadmin setup -q ssl domestic<t/f> country state locality org unit fqdn email [keylen] [days until expires]


I hope this response has been helpful to you.

At your service,


Eugene E. Kashpureff
ekashp@kashpureff.org
Senior Systems Architect / NetApp Certified Instructor
http://www.linkedin.com/in/eugenekashpureff

(P.S. I appreciate points for helpful or correct answers.)

View solution in original post

3 REPLIES 3

ekashpureff
8,094 Views

You need to use the 'secureadmin' command to set up ssl.

secureadmin setup [ -f ] [ -q ] ssl configures the SSL server. The administrator needs to specify the distinguished name (DN) for the appliance.

The process generates a Certificate Signing Request (CSR) and a temporary self-signed certificate. The CSR,    located    in     /etc/keymgr/csr/secureadmin_tmp.pem, can optionally be submitted to a Certificate Authority (CA) for signing. The selfsigned certificate allows the SSL server to work without submitting the CSR to a CA. However, the browser may issue a security warning that the appliance's identity cannot be verified. In the US, the administrator can specify the key strengths of 512, 1024, 1536, or 2048. Otherwise it is set to 512.

The -f flag forces setup to run even if the SSL server has already been configured.

The
-q flag is the non-interactive mode for setting up SSL. The format for this command looks like "secureadmin setup -q ssl domestic<t/f> country state locality org unit fqdn email [keylen] [days until expires]


I hope this response has been helpful to you.

At your service,


Eugene E. Kashpureff
ekashp@kashpureff.org
Senior Systems Architect / NetApp Certified Instructor
http://www.linkedin.com/in/eugenekashpureff

(P.S. I appreciate points for helpful or correct answers.)

bobby_gillette
8,093 Views

Thank you Eugene, exactly what I needed! Now to find where I assign points ...

marty_harris
8,093 Views

Hi Eugene,

Any chance you could tell me what the 'domestic' option does on the secureadmin -q ssl command line?

-q flag is the non-interactive mode for setting up SSL. The format for this command looks like "secureadmin setup -q ssl domestic<t/f> country state locality org unit fqdn email [keylen] [days until expires]

Thanks!

Public