NetApp Knowledge Base

How to explicitly trust a private CA certificate in Altavault

Applies to

  • NetApp Cloud Backup (AltaVault)

Description

  • The private or public CA that signed the cloud provider's SSL certificate must have its public certificate trusted on the Altavault.
  • If this is not the case, CA certificate errors will appear in the system log and replication will fail.
  • Altavault's connections to the cloud provider are made over SSL. To trust the cloud provider's certificate, the signing Certificate Authority (CA) needs to be explicitly trusted.
  • For this purpose, the Altavault, like most devices, uses a ca-bundle file, which is a concatenated list of public CAs' X.509 certificates.
  • If a customer uses private cloud storage with a certificate signed by a corporate Certificate Authority, the private CA's public certificate needs to be explicitly trusted for the Altavault to accept it as valid.
  • The way to accomplish this is by appending the certificate to the Altavault's ca-bundle file.
  • Additionally, a public CA's certificate can expire and be updated, and that update may not be reflected in the CA certificate package currently bundled with the Altavault.
  • If this occurs, all certificates signed by that CA will fail to validate.

Example errors that may be seen when a CA certificate cannot be validated against trusted certificates:

Peer certificate could not be authenticated with known CA certificates. You may proceed by disabling ssl certificate verification if you are sure about the authenticity of the server. Run "no replication ssl verify-certs" from the cli.

An error has occurred while replicating data to the cloud.

Altavault (config) # cloudctl exec "-a list"
Failed to get bucket list: 60: Peer certificate cannot be authenticated with given CA certificates : Peer certificate cannot be authenticated with known CA certificate
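Added example (not NetApp's code and not the AltaVault procedure itself): appending one CA certificate to a PEM ca-bundle held as text, skipping a certificate the bundle already contains and refusing input that carries a private key. The function names and sample blocks are assumptions; the samples are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate block in pem_text."""
    out = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        out.append(hashlib.sha256(der).hexdigest())
    return out


def append_ca(bundle_text, ca_pem):
    """Return (new_bundle_text, added); rejects keys and multi-cert input."""
    if "PRIVATE KEY-----" in ca_pem:
        raise ValueError("private key found; append only the public certificate")
    new = fingerprints(ca_pem)
    if len(new) != 1:
        raise ValueError("expected exactly one certificate, found %d" % len(new))
    if new[0] in fingerprints(bundle_text):
        return bundle_text, False  # already trusted, leave the bundle untouched
    block = PEM_CERT.search(ca_pem).group(0)
    # A bundle without a trailing newline would fuse END and BEGIN on one line.
    sep = "" if not bundle_text or bundle_text.endswith("\n") else "\n"
    return bundle_text + sep + block + "\n", True


def pem_wrap(payload):
    # Hypothetical helper: wraps arbitrary bytes in PEM armor, 64 chars per line.
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


# Constructed placeholders standing in for a ca-bundle and a corporate CA file.
SAMPLE_BUNDLE = pem_wrap(b"public-ca-one" * 10) + pem_wrap(b"public-ca-two" * 10)
SAMPLE_PRIVATE_CA = pem_wrap(b"corporate-private-ca" * 10)

if __name__ == "__main__":
    bundle, added = append_ca(SAMPLE_BUNDLE, SAMPLE_PRIVATE_CA)
    print(added, len(fingerprints(bundle)))
```

Comparing fingerprints of the decoded bytes, rather than the PEM text, catches a duplicate even when the two copies are wrapped at different line lengths.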


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.