Justin –

 

Thanks for the quick response, we tried with http too but get the same error.

 

I’ve opened a case with NetApp on this, so I’ll see what they have to say.

 

Thanks!

 

From: Parisi, Justin [mailto:Justin.Parisi@netapp.com]
Sent: Friday, August 28, 2015 11:08 AM
To: Tony Bar <tbar@BERKCOM.com>; toasters@teaparty.net
Subject: RE: Questions about Cert CAs with software updates in CDOT

 

This is likely bug 816595. Fixed in 8.3.1. (I know that doesn’t help you get it working on your current version)

 

http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=816595

 

You can use HTTP. There are also some potential alternate options, but you’d need to contact support.

 

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Tony Bar
Sent: Friday, August 28, 2015 2:00 PM
To: toasters@teaparty.net
Subject: Questions about Cert CAs with software updates in CDOT

 

Toasters -

 

This is a new one to me, but I'm sure my customer here isn't the only one out there who issues self-signed certs with custom names.   Has anyone else run into this before and if so, what did you have to do to resolve?  We've tried doing a symlink from her cert to the expected name/path but that doesn't help.  Is there perhaps a hidden option like "-k -O" in Unix application "curl" or an alternate method for downloading the updates?

 

Output of what I'm seeing below, any help would be appreciated:

 

<clustername>::> system node image update -node <cluster>-01 -package https://<webhost>/util/83P2_q_image.tgz   -replace-package true 

 

Install Failed.

Failed to download package from

https://<webhost>/util/83P2_q_image.tgz. Error: Problem with the SSL

CA cert (path? access rights?) : error setting certificate verify locations:

  CAfile: /etc/pki/tls/certs/ca-bundle.crt

  CApath: none

Error: command failed: Install Failed. Failed to download package from

       https://<webhost>/util/83P2_q_image.tgz. Error: Problem with

       the SSL CA cert (path? access rights?) : error setting certificate

       verify locations:

         CAfile: /etc/pki/tls/certs/ca-bundle.crt

         CApath: none

 

We do not have access to FTP or TFTP options, the customer is a financial services company so their network is pretty locked down without many (if any) options to work with.

 

Thanks again!


Anthony Bar 

tbar@berkcom.com

(650) 207-5368
www.berkcom.com