Happy New Year 
7-Mode 8.2.4
Windows server 2012 R2
I am trying to run my powershell script over https but I got the below error:-
Connect-NaController : Connection to FILERNAME using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel.
The error may be resolved by generating a new certificate on the storage controller, with a longer key length.
At D:\NetApp\Scripts\7-Mode\7Snap1.ps1:35 char:6
+ Connect-NaController $netapp -Credential $cred -HTTPS
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (FILERNAME:NaController) [Connect-NaController], NaConnectionSSLException
+ FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController
I have increased the key length to more than 2000 (secureadmin setup ssl)but still it is not working. Below are my filer options which I believe should be enough to get it to run over HTTPS.
| httpd.access none |
| httpd.admin.access host=myhost1,myhost2,myhost3 |
| httpd.admin.enable off |
| httpd.admin.hostsequiv.enable off |
| httpd.admin.max_connections 512 |
| httpd.admin.ssl.enable on |
| httpd.admin.top-page.authentication on |
| httpd.autoindex.enable off |
| httpd.bypass_traverse_checking off |
| httpd.enable off |
| httpd.ipv6.enable off |
| httpd.log.format common (value might be overwritten in takeover) |
| httpd.method.trace.enable off |
| httpd.rootdir /vol/vol0/home/http |
| httpd.timeout 300 (value might be overwritten in takeover) |
| httpd.timewait.enable off |
| tls.enable on |
| ldap.ssl.enable off |
| ssl.enable on |
| ssl.v2.enable off (same value required in local+partner) |
| ssl.v3.enable on (same value required in local+partner) |
If I enable http and run the script over http it works fine. Moreover, I have the same exact configuration on my demo lab and it is working fine even with HTTPS.
I am not sure why it is not working on the production environment. Could it be a server related issue/policy ?
Your help is appriciated.
Thanks,
Thanks for your replay
Can you access the webfrontend by browser over https ? Does it produce a warning ?
I got the below error:-
I have checked TLS1.1 and TLS 1.2 and both are enabled.
As for the code in the link provided, I got the below error:
However, in the test lab both tests works fine.
Could it be that some group policy is forced via AD that's causing the issue seen on the production environment ?
On 8.3 I had the same issue attempting to connect to system manager. I used three seperate browsers. Double checked TLS and SSL settings and certificates.
Finally figured it out.
Make sure the Server side is enabled.
wrote:Happy New Year
7-Mode 8.2.4
Windows server 2012 R2
I am trying to run my powershell script over https but I got the below error:-
Connect-NaController : Connection to FILERNAME using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel. The error may be resolved by generating a new certificate on the storage controller, with a longer key length. At D:\NetApp\Scripts\7-Mode\7Snap1.ps1:35 char:6 + Connect-NaController $netapp -Credential $cred -HTTPS + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidResult: (FILERNAME:NaController) [Connect-NaController], NaConnectionSSLException + FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController
I have increased the key length to more than 2000 (secureadmin setup ssl)but still it is not working. Below are my filer options which I believe should be enough to get it to run over HTTPS.
httpd.access none httpd.admin.access host=myhost1,myhost2,myhost3 httpd.admin.enable off httpd.admin.hostsequiv.enable off httpd.admin.max_connections 512 httpd.admin.ssl.enable on httpd.admin.top-page.authentication on httpd.autoindex.enable off httpd.bypass_traverse_checking off httpd.enable off httpd.ipv6.enable off httpd.log.format common (value might be overwritten in takeover) httpd.method.trace.enable off httpd.rootdir /vol/vol0/home/http httpd.timeout 300 (value might be overwritten in takeover) httpd.timewait.enable off tls.enable on ldap.ssl.enable off ssl.enable on ssl.v2.enable off (same value required in local+partner) ssl.v3.enable on (same value required in local+partner)
If I enable http and run the script over http it works fine. Moreover, I have the same exact configuration on my demo lab and it is working fine even with HTTPS.
I am not sure why it is not working on the production environment. Could it be a server related issue/policy ?
Your help is appriciated.
Thanks,
security SSL show
Serial Server Client
Vserver Number Common Name Enabled Enabled
--------- ------ --------------------------------------- ------- -------
uspdop6lus 561E4629E0E3E uspdop6lus true false
Certificate Authority: uspdop6lus
