Microsoft Virtualization Discussions

Expired certificates causing NetApp.ONTAP PSTK 9.13.1 install to fail

KevinMDavis
5,034 Views

We are moving a Workday environment and it's dependent upon using the PSTK commandlets for all user provisioning, onboarding and offboarding. PS v. 5.1, PSTK 9.13.1. 
We cannot install any version without hitting the same error.  It appears all the PSTK downloads are shipping with expired certs.  The certs expired 2 days ago on 10/13:
certs-expirted.png

 

PS C:\Windows\system32> install-module Netapp.Ontap -force -scope AllUsers

PackageManagement\Install-Package : The module 'NetApp.ONTAP' cannot be installed or updated because the authenticode

signature of the file 'NetApp.ONTAP.psd1' is not valid.

At C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 char:21

+ ... $null = PackageManagement\Install-Package @PSBoundParameters

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package],

Exception

+ FullyQualifiedErrorId : InvalidAuthenticodeSignature,ValidateAndGet-AuthenticodeSignature,Microsoft.PowerShell.P

ackageManagement.Cmdlets.InstallPackage

Failed to install or import required PSModules The following error occurred while loading the extended type data file: , C:\Program Files (x86)\WindowsPowerShell\Modules\NetApp.ONTAP\9.13.1.2306\DataONTAP.Type.ps1xml: The file was skipped because of the following validation exception: File C:\Program Files (x86)\WindowsPowerShell\Modules\NetApp.ONTAP\9.13.1.2306\DataONTAP.Type.ps1xml cannot be loaded. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file..

, C:\Program Files (x86)\WindowsPowerShell\Modules\NetApp.ONTAP\9.13.1.2306\DataONTAP.C.Type.ps1xml: The file was skipped because of the following validation exception: File C:\Program Files (x86)\WindowsPowerShell\Modules\NetApp.ONTAP\9.13.1.2306\DataONTAP.C.Type.ps1xml cannot be loaded. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file..

1 ACCEPTED SOLUTION

saharsh
4,433 Views

Hi Team,
The certificate on Toolchest has been renewed, and the toolkit is now functioning properly. We kindly invite you to download it from the link below.

 

https://mysupport.netapp.com/site/tools/tool-eula/ontap-powershell-toolkit/download


Additionally, we will be addressing this issue on the PowerShell Gallery as well.

Thank you for your understanding.

 

View solution in original post

30 REPLIES 30

saharsh
1,135 Views

Now it is available on PowerShell toolkit also 
https://www.powershellgallery.com/packages/NetApp.ONTAP/9.15.1.2410

brnosanse
1,082 Views

I guess older versions will not get available?

Is there anything I can do - so I do not need to change all the existing code with -ONTAPI or -ZAPICALL or such (I don’t remember exactly)?
This is just disaster...

well, another "bullet" for one of the big customers (150+ netapp systems), no one going to be happy to hear automation does not work anymore...

saharsh
861 Views

You can still run the old version of PSTK by following step:

1. Open PowerShell in administrator mode 

2. Run command Set-ExecutionPolicy Unrestricted

brnosanse
858 Views

hello, it does not work for
Install-Module -Name NetApp.ONTAP -RequiredVersion 9.10.1.2111

and I do not know where else I can download that old version

i didnt manage to install one of the older version after only setting `Set-ExecutionPolicy Unrestricted`, still got the authenticode error.

 

`Install-Module -Name NetApp.ONTAP -Scope AllUsers -RequiredVersion '9.14.1.2401' -Force -Repository PSGallery -SkipPublisherCheck`

 

Hope it helps

KevinMDavis
777 Views

Set-ExecutionPolicy does not override systemwide GPOs that enforce code signing, AFAIK.

saharsh
818 Views

Hi we'll provide the new release for 9.10.1.2111 also

KevinMDavis
777 Views

If I were a customer with hundreds or thousands of lines of code that depends on working versions (AHEM...), I would fully expect that the new certs would be applied to every version available for download.
C'mon NetApp devs...applying new certs to the older versions and replacing the ones available with unexpired certs is... not difficult.

saharsh
772 Views

For the default REST behavior, please use version 9.15.1.2410, which is backward compatible with all versions that have the default REST behavior.
We are currently signing the version with the default ZAPI behavior, specifically 9.10.2111

Public