ONTAP Discussions

Server certificate verification failed, mismatch.

ANSHUL_JAISWAL
5,328 Views

Hi All,

 

We are trying to establish a secured connection with cluster mode NetApp storage device using communication style as ‘NA_STYLE_CERTIFICATE’ and transport type as ‘NA_SERVER_TRANSPORT_HTTPS’, port = 443.

 

We are setting the server certificate using API ‘na_server_set_ca_certs’ and client certificate using API ‘na_server_set_client_cert_and_key’.

 

Server certificate is copied from NetApp storage device and pasted in a ‘.cert’ file.

 

Client certificated is self-signed created and installed on cluster as client-ca certificate.

 

Hostname verification is enabled by-default.

 

But using all this Server certificate verification failed, giving following error:

Server certificate verification failed: Server certificate name (CN=xxxxxxxxx), hostname (xx.xxx.xx.x) mismatch.

 

Now, when we disable hostname verification using API ‘na_server_set_hostname_verification’ then error resolved and server certificate verification succeeded.

What I need to do for successful hostname verification?

 

Thanks in anticipation.

Any help is much appreciated.

2 REPLIES 2

rkiran
5,273 Views

Hi,

 

I think you might be specifying the IP address of the Data ONTAP server instead of hostname in  na_server_open(hostname, ..) core API.

For hostname verification, you should always specify the same hostname that is present in the CN field in the certificate to na_server_open(hostname, ..) API. Could you please try this.

ANSHUL_JAISWAL
5,242 Views

Thank you very much rkiran.

 

The solution specified by you worked for me, hostname verification for server certificate authentication is success after having common name in certificate same as hostname.

Also it worked if I use IP instead of hostname and specify common name as IP in SSL certificate.

 

Thank you once again for your help.

Public