Unable to add ONTAP cluster to AIQUM because ONTAP does not accept certificates
Applies to
- Active IQ Unified Manager (AIQUM) 9.14
- ONTAP 9.9.1
- Other ONTAP clusters can be added to the AIQUM
- Cloud Agent is disabled
Issue
- Adding ONTAP cluster to AIQUM fails by:
Unable to add cluster data source. This can occur if the clocks on the systems are not synchronized and the Active IQ Unified Manager HTTPS certificate start date is later than the date on the cluster, or if the cluster has reached the maximum number of EMS notification destinations.
jboss/server_acq.logindicates that installing AIQUM certificate fails due to incorrect formatting
INFO [default task-55] c.o.s.a.s.AcquisitionFacadeUtil (AcquisitionFacadeUtil.java:106) - [EMS] - Installing Server Certificate
INFO [default task-55] c.n.o.n.e.EmsZapiManager (EmsZapiManager.java:98) - [EMS ZAPI] - Install Security Certificate - Common Name: <AIQUM_HOST>, Type: server-ca, Certificates: -- omitted --
ERROR [default task-55] c.o.s.a.s.AcquisitionFacadeUtil (AcquisitionFacadeUtil.java:202) - failed to register EMS: : com.netapp.oci.netapp.client.interfaces.data.EmsManagerException: Failed to read the certificate due to incorrect formatting. (errno=61102)
at deployment.mega-app.ear.server-core.jar//com.netapp.oci.netapp.ems.EmsZapiManager.installSecurityCertificate(EmsZapiManager.java:112)
at deployment.mega-app.ear.server-core.jar//com.netapp.oci.netapp.ems.EmsManager.installSecurityCertificate(EmsManager.java:79)
at deployment.mega-app.ear.server-core.jar//com.onaro.sanscreen.acquisition.sessions.AcquisitionFacadeUtil.registerEms(AcquisitionFacadeUtil.java:108)
at deployment.mega-app.ear.server-core.jar//com.netapp.sanscreen.acquisition.sessions.rest.service.impl.AcquisitionFacadeSessionServiceImpl.addDS(AcquisitionFacadeSessionServiceImpl.java:805)
at deployment.mega-app.ear.server-api.war//com.netapp.sanscreen.acquisition.sessions.rest.service.impl.AcquisitionFacadeSessionServiceImpl$$FastClassBySpringCGLIB$$92eba61a.invoke(<generated>)
/etc/log/mlog/audit.login ONTAP shows thatsecurity-certificate-installZAPI fails due to incorrect formatting
[kern_audit:info:2618] 8503e8000016ec3b :: <NODE>:ontapi :: <AIQUM_IP>:63869 :: <NODE>:admin :: <netapp version='1.0' xmlns='http://www.netapp.com/filer/admin' nmsdk_version='9.8P7D1' nmsdk_platform='Windows Server 2022' nmsdk_language='Java'><security-certificate-install><type>server-ca</type><certificate>-----BEGIN CERTIFICATE-----..
[kern_audit:info:2618] 8503e8000016ec3b :: <NODE>:ontapi :: <AIQUM_IP>:63869 :: <NODE>:admin :: security-certificate-install :: Error: Failed to read the certificate due to incorrect formatting.