Solved: Importing a SSL cert and key for secureadmin

jmalone · ‎2011-03-18

Hi.

Our organization uses wildcard SSL certs (from godaddy) on all of our internal and external servers. All servers share the cert file and the private key. On our previous filer (FAS270, ontap 7.1) I was able to copy the files into /etc/keymgr/cert/secureadmin.key and /etc/keymgr/key/secureadmin.pem and things just worked. I can't get our new FAS2020 (ontap 7.3.5.1) to do that. When I enable secureadmin ssl, I just get the error

"[shfiler: httpd.socket.listener.create:error]: HTTPS Initialization failure; could not create listener socket."

I notice that when I run secureadmin setup ssl, it creates an encrypted key in keymgr/key/secureadmin.pem but I have no idea what it uses for the passphrase. Do I need to encrypt my key for the filer to accept it?

Thanks,

-Josh

jmalone · ‎2011-03-18

Naturally, as soon as I post the question, I solve the problem.

It seems that simply running 'secureadmin setup ssl' does whatever the voodoo is needed to get SSL working. After running that and generating a self-signed cert, I'm able to replace the files with the ones from my CA, restart secureadmin ssl and everything is happy. Sorry for the noise post.

-Josh

View solution in original post

jmalone · ‎2011-03-18

Naturally, as soon as I post the question, I solve the problem.

It seems that simply running 'secureadmin setup ssl' does whatever the voodoo is needed to get SSL working. After running that and generating a self-signed cert, I'm able to replace the files with the ones from my CA, restart secureadmin ssl and everything is happy. Sorry for the noise post.

-Josh

Importing a SSL cert and key for secureadmin

secureadmin setup ssl

Harvest tries to use ssl certs to login to OCUM

S3-Bucket Key Authentication

CertPlus Cert expiring

Delete ONTAP SSL Certs for AltaVault (? - called UTN-USERFirst-Hardware, etc.)