ONTAP Discussions

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

SSL certificate problem: self signed certificate in certificate chain

JPick
NetApp
‎2021-09-07 04:26 PM
12,327 Views

We are trying to download firmware on a new 9.7P6  controller.  Here is the error received:  

 

Error: command failed on node xxxx-xx: Download failed. Reason: Failed to download package from dir/netapp/local/dqp04022021/qual_devices.zip. Reason: SSL peer certificate or SSH remote key was not OK: SSL certificate problem: self signed certificate in certificate chain.

 

I looked at certificates, protocols, ciphers....everything looks OK.  Any suggestions?

1 ACCEPTED SOLUTION
JPick has accepted the solution

CHRISMAKI
NetApp A-Team
‎2021-09-07 04:48 PM
12,320 Views

This error sounds like a problem with the host the cluster is trying to connect to and less like a problem with the cluster. What was the command you used to try and grab the new qual_devices.zip?

View solution in original post

0 Kudos
8 REPLIES 8
JPick has accepted the solution

CHRISMAKI
NetApp A-Team
‎2021-09-07 04:48 PM
12,321 Views

This error sounds like a problem with the host the cluster is trying to connect to and less like a problem with the cluster. What was the command you used to try and grab the new qual_devices.zip?

0 Kudos

JPick
NetApp
‎2021-09-07 04:55 PM
12,311 Views

storage firmware download -node * -package-url https://dir/netapp/local/dqp04022021/qual_devices.zip

 

-Thx

0 Kudos

CHRISMAKI
NetApp A-Team
‎2021-09-07 04:59 PM
12,310 Views

This is going to try and make an HTTPS request to a host named "dir" which I'm assuming doesn't exist on your network. The command should be:

 

storage firmware download -node * -package-url http://<web-server>/path/qual_devices.zip

 

Where you've replaced <web-server> with a a host that you've uploaded the file to.

0 Kudos

CHRISMAKI
NetApp A-Team
‎2021-09-07 05:00 PM
12,311 Views

Full instructions can be found here.

0 Kudos

JPick
NetApp
‎2021-09-07 05:02 PM
12,309 Views

The command is correct...I was just trying to anonymize the server and path.  I will look upstream at the host.

 

-Thx for your quick responses.

0 Kudos

CHRISMAKI
NetApp A-Team
‎2021-09-07 05:06 PM
In response to JPick
12,304 Views

Is the web server also listening unencrypted on port 80? If so, you could try reverting to HTTP.

0 Kudos

TMACMD
NetApp A-Team
‎2021-09-07 05:06 PM
12,304 Views

When you see that particular error, you should try HTTP instead of HTTPS.

More than likely you have a certificate that is expired or a problem with a root/int server-ca cert.

tpeter
‎2023-12-13 07:08 AM
7,163 Views

Use a https server with eg. Company signed certificate (AD certsrv).

Upload the Company CA root certificate to the Netapp box.

::> security certificate install -vserver [vserver name] -type server-ca

use https to download the firmware from the server 

::> system firmware download -package https://.../.zip 

Also I have put Comany signed certificate on my Netapp boxes.

Hope it helps.

Announcements
All Community Forums
Public