Now we want to use this AD user for ONTAPI communication using SSL certificate style.
So for achieving this we need to create a SSL certificate with common name as security login which is DOMAIN1\username in our case.
So we generate a SSL Certificate with common name as DOMAIN1\username. But while installing this SSL certificate on admin vserver or SVM we are getting following error and certificate installation is unsuccessful.
We are getting following error when using signed certifcates with client-ca authentication. Everything works fine when using self signed certicates.
code: AUTHENTICATION_FAILED message: "Could not connect to the filer with the user creds provided" detailedMessage: "Error connecting to port 443 of filer mketest. Err: No permission to use \'hostsequiv\' authentication, must be root.."
we would like to use domain user with certificate as local account are not allowed as per company policy.
Main concern is when http communication is used for fpolicy password are not encryted and you can see all password in wireshark traces. see attached. with certificate communication using domain user we can avoid the security risk.
is there any workaround and can you also create enhancement request to support this in near future.