make sure TLS 1.2 is actually enabled on your windows boxes

There were eveidently some "patches" that turned of TLS.

Verify these registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

you can also check out htis link: https://portal.chicagonettech.com/kb/a187/maximizing-ssl-security-for-windows-server-2012-ssl-tls.aspx

On 8.3 I had the same issue attempting to connect to system manager. I used three seperate browsers. Double checked TLS and SSL settings and certificates.

Finally figured it out.

Make sure the Server side is enabled.

---

wrote:

Happy New Year

 

7-Mode 8.2.4

Windows server 2012 R2

 

I am trying to run my powershell script over https but I got the below error:-

Connect-NaController : Connection to FILERNAME using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel.
The error may be resolved by generating a new certificate on the storage controller, with a longer key length.
At D:\NetApp\Scripts\7-Mode\7Snap1.ps1:35 char:6
+      Connect-NaController $netapp -Credential $cred -HTTPS
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (FILERNAME:NaController) [Connect-NaController], NaConnectionSSLException
    + FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController

 

 

I have increased the key length to more than 2000 (secureadmin setup ssl)but still it is not working. Below are my filer options which I believe should be enough to get it to run over HTTPS.

 

httpd.access                 none

httpd.admin.access           host=myhost1,myhost2,myhost3

httpd.admin.enable           off

httpd.admin.hostsequiv.enable off

httpd.admin.max_connections  512

httpd.admin.ssl.enable       on

httpd.admin.top-page.authentication on

httpd.autoindex.enable       off

httpd.bypass_traverse_checking off

httpd.enable                 off

httpd.ipv6.enable            off

httpd.log.format             common     (value might be overwritten in takeover)

httpd.method.trace.enable    off

httpd.rootdir                /vol/vol0/home/http

httpd.timeout                300        (value might be overwritten in takeover)

httpd.timewait.enable        off

tls.enable                   on

ldap.ssl.enable              off

ssl.enable                   on

ssl.v2.enable                off        (same value required in local+partner)

ssl.v3.enable                on         (same value required in local+partner)

 

If I enable http and run the script over http it works fine. Moreover, I have the same exact configuration on my demo lab and it is working fine even with HTTPS.

I am not sure why it is not working on the production environment. Could it be a server related issue/policy ?

 

Your help is appriciated.

 

Thanks,

---

security SSL show

          Serial                                         Server  Client
Vserver   Number Common Name                             Enabled Enabled
--------- ------ --------------------------------------- ------- -------
uspdop6lus 561E4629E0E3E uspdop6lus            true    false
 Certificate Authority: uspdop6lus

DId you resolve this issue? I'm having exact issue with Powershell.

Thanks!