Skip to main content
NetApp Knowledgebase

NetApp does not receive AutoSupport messages sent through HTTPS with certificate validation enabled

Applies to

  • ONTAP 9
  • Clustered Data ONTAP 8

Issue

AutoSupport messages are successfully delivered to NetApp using HTTP as the transport, but fails when using HTTPS with certificate validation enabled.
There are two types of known failures that will prevent HTTPS with validation enabled  

  1. message: error setting certificate verify locations
  2. message: SSL certificate problem: self signed certificate in certificate chain

The signature can be determined by viewing the errors logged by the AutoSupport subsystem by reviewing the  /mroot/etc/log/mlog/notifyd.log: 

How to review notifyd.log

Data ONTAP 7-Mode:

>rdfile /etc/log/mlog/notifyd.log

Clustered Data ONTAP:

::> node run -node (node name) -command rdfile /etc/log/mlog/notifyd.log

Example of errors seen in notifyd

Error 1 - message: error setting certificate verify locations

00000008.0004cbb8 069e8daa Thu Mar 28 2013 10:33:04 -04:00 [kern_notifyd:info:711] (category: 711:651:deliver) (emittime: 3/28/2013 10:33:04) (message: Connected to support.netapp.com (216.240.21.18) port 443)
00000008.0004cbb9 069e8daa Thu Mar 28 2013 10:33:04 -04:00 [kern_notifyd:info:711] (category: 711:651:deliver) (emittime: 3/28/2013 10:33:04) (message: error setting certificate verify locations:
00000008.0004cbba 069e8daa Thu Mar 28 2013 10:33:04 -04:00 [kern_notifyd:info:711]   CAfile: /mroot/etc/keymgr/root/cacert.pem
00000008.0004cbbb 069e8daa Thu Mar 28 2013 10:33:04 -04:00 [kern_notifyd:info:711]   CApath: none)
00000008.0004cbbc 069e8daa Thu Mar 28 2013 10:33:04 -04:00 [kern_notifyd:info:711] (category: 711:651:deliver) (emittime: 3/28/2013 10:33:04) (message: Closing connection #0)
00000008.0004cbbd 069e8daa Thu Mar 28 2013 10:33:04 -04:00 [kern_notifyd:info:711] (category: 711:651:deliver) (emittime: 3/28/2013 10:33:04) (message: deliver_http_asup: HTTP PUT response error, status code 60.)

Error 2 - message: SSL certificate problem: self signed certificate in certificate chain
00000017.00975b3d 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: Connected to support.netapp.com (216.240.21.18) port 443 (#0))
00000017.00975b3e 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: successfully set certificate verify locations:)
00000017.00975b3f 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message:   CAfile: /mroot/etc/keymgr/root/cacert.pem
00000017.00975b40 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017]   CApath: none)
00000017.00975b41 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: SSLv3, TLS handshake, Client hello (1):)
00000017.00975b42 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: SSLv3, TLS handshake, Server hello (2):)
00000017.00975b43 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: SSLv3, TLS handshake, CERT (11):)
00000017.00975b44 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: SSLv3, TLS alert, Server hello (2):)
00000017.00975b45 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: SSL certificate problem: self signed certificate in certificate chain)
00000017.00975b46 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: Closing connection #0)
00000017.00975b47 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: deliver_http_asup: HTTP PUT response error, status code 60.)
00000017.00975b48 0437a7d3 Tue Mar 01 2016 11:21:11 -06:00 [kern_notifyd:info:43017] (category: 43017:1359:deliver) (emittime: 3/1/2016 11:09:08) (message: asup_job HTTP attempt failed '/mroot/etc/log/autosupport/201603011107.0')

 

 

 

 

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support