Software Development Kit (SDK) and API Discussions

Powershell connect-nacontroller results in "Could not create SSL/TLS secure channel"

LHow
362 Views

Hello! 

New array deployment here. Former NetApp customer returning and looking to manage some aspects of day to day admin via the Netapp.ONTAP powershell modules. I have been unable to get connected and support suggested posting here.

if (Get-Module -ListAvailable -Name NetApp.ONTAP) {
    Write-Host "NetApp Modules are installed..."
} 
else {
    Write-Host "NetApp Module does not exist....installing now...."
    Install-Module -Name NetApp.ONTAP
}

# Variables
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls13
$NetAppArray='netapp01.domain.com'
$cred=$(Get-Credential)

# Connect to array
Connect-NaController -Name $NetAppArray -Credential $cred -HTTPS

Error as follows:

Connect-NaController : Connection to netapp01.domain.com using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel.
The error may be resolved by generating a new certificate on the storage controller, with a longer key length.
At O:\Network\Scripts\PowerShell\NetApp.ps1:17 char:1
+ Connect-NaController -Name $NetAppArray -Credential $cred -HTTPS
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (netapp01.domain.com:NaController) [Connect-NaController], NaConnectionSSLException
+ FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController

 

Things I have tried:

Verified key length is 2048. I have tried forcing TLS 1.2 and 1.3 from powershell. Tried shortname/FQDN/IP. I have used the built-in self signed cert as well as a purchased digicert wildcard. 

 

Some output from the array (run with 'set advanced'):

netapp01::*> security certificate show -fields size -type server                    
vserver common-name serial           ca       type   subtype cert-name                 size 
------- ----------- ---------------- -------- ------ ------- ------------------------- ---- 
netapp01 
        netapp01    0C02639083A3E774E2E1B51125F1BB34 
                                     "DigiCert Global G2 TLS RSA SHA256 2020 CA1" 
                                              server -       netapp01_wildcard2025     2048 
netapp01 
        netapp01    17D48425558215B2 netapp01 server -       netapp01_17D48425558215B2 2048 
4 entries were displayed.

 

netapp01::*> security config show -fields supported-protocols
interface supported-protocols 
--------- ------------------- 
SSL       TLSv1.3,TLSv1.2     

Thanks in advance for any ideas.

1 ACCEPTED SOLUTION

LHow
326 Views

Just tried connect-nccontroller and that works, so will proceed with that.

View solution in original post

1 REPLY 1

LHow
327 Views

Just tried connect-nccontroller and that works, so will proceed with that.

Public