ONTAP Discussions

SSL certificate problem: self signed certificate in certificate chain

JPick
2,459 Views

We are trying to download firmware on a new 9.7P6  controller.  Here is the error received:  

 

Error: command failed on node xxxx-xx: Download failed. Reason: Failed to download package from dir/netapp/local/dqp04022021/qual_devices.zip. Reason: SSL peer certificate or SSH remote key was not OK: SSL certificate problem: self signed certificate in certificate chain.

 

I looked at certificates, protocols, ciphers....everything looks OK.  Any suggestions?

1 ACCEPTED SOLUTION

CHRISMAKI
2,452 Views

This error sounds like a problem with the host the cluster is trying to connect to and less like a problem with the cluster. What was the command you used to try and grab the new qual_devices.zip?

View solution in original post

7 REPLIES 7

CHRISMAKI
2,453 Views

This error sounds like a problem with the host the cluster is trying to connect to and less like a problem with the cluster. What was the command you used to try and grab the new qual_devices.zip?

JPick
2,447 Views

storage firmware download -node * -package-url https://dir/netapp/local/dqp04022021/qual_devices.zip

 

-Thx

CHRISMAKI
2,446 Views

This is going to try and make an HTTPS request to a host named "dir" which I'm assuming doesn't exist on your network. The command should be:

 

storage firmware download -node * -package-url http://<web-server>/path/qual_devices.zip

 

Where you've replaced <web-server> with a a host that you've uploaded the file to.

CHRISMAKI
2,447 Views

Full instructions can be found here.

JPick
2,445 Views

The command is correct...I was just trying to anonymize the server and path.  I will look upstream at the host.

 

-Thx for your quick responses.

CHRISMAKI
2,440 Views

Is the web server also listening unencrypted on port 80? If so, you could try reverting to HTTP.

TMACMD
2,440 Views

When you see that particular error, you should try HTTP instead of HTTPS.

More than likely you have a certificate that is expired or a problem with a root/int server-ca cert.

Public