Array Setup and Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

unable to active vvol on vca 6.0 - certificate error

Roland Kudelic
Occasional Contributor

unable to active vvol on vca 6.0 - certificate error

HI

I cannot activate storage provider for vvol on vca 6.0U2 with cs500 nos 3.6.1.0.

Error on VCA, the Certificate could not be added to truststore. Is there a problem with the certificate?

From Storage side, when I try to activate VASA Provider, it fails with Failed to register vasa provider.

On the storage is a wildcard certificate installed (*.ak-bs.ch) which is valid till march 2020.

when you run cert --list in ssh, array and group have one, no custom.

Nimble OS $ cert --list

Name        Subject

===================

array:      /C=US/ST=CA/L=San Jose/O=Nimble Storage/CN=AF-120751

group:      /C=US/ST=CA/L=San Jose/O=Nimble Storage/CN=nim012a01.ak0120.local

custom:     no certificate

custom-csr: /C=CH/ST=BS/L=Basel-Stadt/O=Ausgleichskasse Basel-Stadt/OU=IT/CN=nim012a01.ak-bs.ch

custom-ca:  (Pending) /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

Use         Name

===================

HTTPS:      group

APIs:       group

Nimble OS $

So I issued a new certificate to the FQDN name of our Nimble "nim012a01.ak-bs.ch" and tried to import it, and then to set the custom cert for USE with HTTPS and APIs. But this didn't work. Got the error:

Nimble OS $ cert --import custom

Please enter certificate in PEM format followed by ^D:

-----BEGIN CERTIFICATE-----

ZWUjsQ44UtFEUkb/fJgt783AJrj8OkgfaYKYm5pzc2M=

...

...

-----END CERTIFICATE-----

ERROR: Verify custom cert failed: /nimble/var/private/config/current/group/certs//new.crt: C = CH, ST = Basel-Stadt, L = Basel, O = Ausgleichskasse Basel-Stadt, OU = IT, CN = nim012a01.ak-bs.ch

Nimble OS $

Any good idea or tipp?

Regards

Roland

1 REPLY
Highlighted
Roland Kudelic
Occasional Contributor

Re: unable to active vvol on vca 6.0 - certificate error

Hi

Now, I have installed the custom certificate. The Problem still exsistst, that the certificate could not be added in Truststore of VCA 6.0U2. I open a case by vmware after I have recreated the self-sigend certificate on VCA SMS Folder.

Regards

Roland