Renew the client-type certificate from AIQUM 9.18 but the new certificate is not installed in the ONTAP cluster
Applies to
- Active IQ Unified Manager(AIQUM) 9.18
- ONTAP 9
- Regenerate the Unified Manager client certificate
Issue
- After renew the client certificate by following steps mentioned in Regenerate the Unified Manager client certificate, the new certificate is not installed in the ONTAP cluster.
server_acq.logindicates ONTAP Authorization failed while updating client certificate.
2026-02-03 13:30:20,512 INFO [ServerService Thread Pool -- 110] c.n.s.a.s.r.s.p.e.i.AcquisitionFacadeSessionLocalServiceImpl (AcquisitionFacadeSessionLocalServiceImpl.java:269) - Updating cluster certificate details upon client ceritificate regeneration...2026-02-03 13:30:32,649 ERROR [ServerService Thread Pool -- 110] c.n.u.RestUtil (RestUtil.java:267) - Fetching of details from Ontap failed with error code: 4012026-02-03 13:30:36,714 ERROR [ServerService Thread Pool -- 110] c.n.o.n.e.EmsManager (EmsManager.java:437) - Failed to call system-get-version -- : netapp.manage.NaAuthenticationException: Authorization failed...2026-02-03 13:30:36,717 ERROR [ServerService Thread Pool -- 110] c.n.s.a.s.r.s.p.e.i.AcquisitionFacadeSessionLocalServiceImpl (AcquisitionFacadeSessionLocalServiceImpl.java:300) - handleClientCertRegeneration: failed to handle scenario of client certificate regeneration;: java.lang.NullPointerException: Cannot invoke "com.netapp.oci.netapp.ems.EmsUtil$ClientKeyInformation.getClientCertificateKeySerial()" because "clientKeyInformation" is null
- ONTAP
apache-error.logindicates authentication denied for AIQUM host at the same time:
[dot:error] [pid 16361:tid 34402004736] [client [AIQUM-MGMT]:38206] [vserver ID xxxxx] [service rest] Authentication denied for user admin, application http[auth_basic:error] [pid 16361:tid 34402004736] [client [AIQUM-MGMT]:38206] AIQUM-hostname: user admin: authentication failure for "/api/cluster/nodes": Password Mismatch