Toasters -
This is a new one to me, but I'm sure my customer here isn't the only one out there who issues self-signed certs with custom names. Has anyone else run into this before and if so, what did you have to do to resolve? We've tried doing a symlink from her cert to the expected name/path but that doesn't help. Is there perhaps a hidden option like "-k -O" in Unix application "curl" or an alternate method for downloading the updates?
Output of what I'm seeing below, any help would be appreciated:
<clustername>::> system node image update -node <cluster>-01 -package https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz -replace-package true
Install Failed. Failed to download package from https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz. Error: Problem with the SSL CA cert (path? access rights?) : error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Error: command failed: Install Failed. Failed to download package from https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz. Error: Problem with the SSL CA cert (path? access rights?) : error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
We do not have access to FTP or TFTP options, the customer is a financial services company so their network is pretty locked down without many (if any) options to work with.
Thanks again!
Anthony Bar tbar@berkcom.commailto:tbar@berkcom.com (650) 207-5368 www.berkcom.comhttp://www.berkcom.com/
This is likely bug 816595. Fixed in 8.3.1. (I know that doesn’t help you get it working on your current version)
http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=816595
You can use HTTP. There are also some potential alternate options, but you’d need to contact support.
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Tony Bar Sent: Friday, August 28, 2015 2:00 PM To: toasters@teaparty.net Subject: Questions about Cert CAs with software updates in CDOT
Toasters -
This is a new one to me, but I'm sure my customer here isn't the only one out there who issues self-signed certs with custom names. Has anyone else run into this before and if so, what did you have to do to resolve? We've tried doing a symlink from her cert to the expected name/path but that doesn't help. Is there perhaps a hidden option like "-k -O" in Unix application "curl" or an alternate method for downloading the updates?
Output of what I'm seeing below, any help would be appreciated:
<clustername>::> system node image update -node <cluster>-01 -package https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz -replace-package true
Install Failed. Failed to download package from https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz. Error: Problem with the SSL CA cert (path? access rights?) : error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Error: command failed: Install Failed. Failed to download package from https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz. Error: Problem with the SSL CA cert (path? access rights?) : error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
We do not have access to FTP or TFTP options, the customer is a financial services company so their network is pretty locked down without many (if any) options to work with.
Thanks again!
Anthony Bar tbar@berkcom.commailto:tbar@berkcom.com (650) 207-5368 www.berkcom.comhttp://www.berkcom.com/
Justin –
Thanks for the quick response, we tried with http too but get the same error.
I’ve opened a case with NetApp on this, so I’ll see what they have to say.
Thanks!
From: Parisi, Justin [mailto:Justin.Parisi@netapp.com] Sent: Friday, August 28, 2015 11:08 AM To: Tony Bar tbar@BERKCOM.com; toasters@teaparty.net Subject: RE: Questions about Cert CAs with software updates in CDOT
This is likely bug 816595. Fixed in 8.3.1. (I know that doesn’t help you get it working on your current version)
http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=816595
You can use HTTP. There are also some potential alternate options, but you’d need to contact support.
From: toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Tony Bar Sent: Friday, August 28, 2015 2:00 PM To: toasters@teaparty.netmailto:toasters@teaparty.net Subject: Questions about Cert CAs with software updates in CDOT
Toasters -
This is a new one to me, but I'm sure my customer here isn't the only one out there who issues self-signed certs with custom names. Has anyone else run into this before and if so, what did you have to do to resolve? We've tried doing a symlink from her cert to the expected name/path but that doesn't help. Is there perhaps a hidden option like "-k -O" in Unix application "curl" or an alternate method for downloading the updates?
Output of what I'm seeing below, any help would be appreciated:
<clustername>::> system node image update -node <cluster>-01 -package https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz -replace-package true
Install Failed. Failed to download package from https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz. Error: Problem with the SSL CA cert (path? access rights?) : error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Error: command failed: Install Failed. Failed to download package from https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz. Error: Problem with the SSL CA cert (path? access rights?) : error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
We do not have access to FTP or TFTP options, the customer is a financial services company so their network is pretty locked down without many (if any) options to work with.
Thanks again!
Anthony Bar tbar@berkcom.commailto:tbar@berkcom.com (650) 207-5368 www.berkcom.comhttp://www.berkcom.com/
Is it still possible to copy the package into mroot and install from there?
On Fri, Aug 28, 2015 at 2:13 PM, Tony Bar tbar@berkcom.com wrote:
Justin –
Thanks for the quick response, we tried with http too but get the same error.
I’ve opened a case with NetApp on this, so I’ll see what they have to say.
Thanks!
*From:* Parisi, Justin [mailto:Justin.Parisi@netapp.com] *Sent:* Friday, August 28, 2015 11:08 AM *To:* Tony Bar tbar@BERKCOM.com; toasters@teaparty.net *Subject:* RE: Questions about Cert CAs with software updates in CDOT
This is likely bug 816595. Fixed in 8.3.1. (I know that doesn’t help you get it working on your current version)
http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=816595
You can use HTTP. There are also some potential alternate options, but you’d need to contact support.
*From:* toasters-bounces@teaparty.net [ mailto:toasters-bounces@teaparty.net toasters-bounces@teaparty.net] *On Behalf Of *Tony Bar *Sent:* Friday, August 28, 2015 2:00 PM *To:* toasters@teaparty.net *Subject:* Questions about Cert CAs with software updates in CDOT
Toasters -
This is a new one to me, but I'm sure my customer here isn't the only one out there who issues self-signed certs with custom names. Has anyone else run into this before and if so, what did you have to do to resolve? We've tried doing a symlink from her cert to the expected name/path but that doesn't help. Is there perhaps a hidden option like "-k -O" in Unix application "curl" or an alternate method for downloading the updates?
Output of what I'm seeing below, any help would be appreciated:
<clustername>::> system node image update -node <cluster>-01 -package https://<webhost>/util/83P2_q_image.tgz https://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz -replace-package true
Install Failed.
Failed to download package from
https://<webhost>/util/83P2_q_image.tgz https://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz. Error: Problem with the SSL
CA cert (path? access rights?) : error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
Error: command failed: Install Failed. Failed to download package from
https://<webhost>/util/83P2_q_image.tgzhttps://monitor1.sjc1.prod.ce/util/83P2_q_image.tgz. Error: Problem with
the SSL CA cert (path? access rights?) : error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: noneWe do not have access to FTP or TFTP options, the customer is a financial services company so their network is pretty locked down without many (if any) options to work with.
Thanks again!
Anthony Bar
tbar@berkcom.com
(650) 207-5368 www.berkcom.com
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
-
Douglas Siggins -
Parisi, Justin -
Tony Bar