Unable to add cluster to Unified Manager due to duplicate certificate entries in a cluster
Applies to
- Active IQ Unified Manager (AIQUM)
- ONTAP 9
Issue
- Unable to add cluster datasource to AIQUM
- Error in AIQUM GUI:
Unable to add cluster datasource. This can occur if the clocks on the systems are not synchronized and the Active IQ
Unified Manager HTTPS certificate start date is later than the date on the cluster, or if the cluster has reached the
maximum number of EMS notification destinations.
- API command failed in ONTAP
audit.log
:
audit (3).log:00000016.105fa7f7 098d4b04 Tue Jan 17 2023 13:17:55 -06:00 [kern_audit:info:71823] 8503f700022d6c51 :: clustername:ontapi :: 10.x.x.x:59394 :: clustername:admin :: <netapp version='1.0' xmlns='http://www.netapp.com/filer/admin' nmsdk_version='9.8P3' nmsdk_platform='Red Hat Enterprise Linux Server release 7.9 x86_64' nmsdk_language='Java'><security-certificate-install><type>server-ca</type><certificate>-----BEGIN CERTIFICATE----- MIIDRjCCAi6gAwIB...r0yswR... :: Pending:
audit (3).log:00000016.105fa7fc 098d4b04 Tue Jan 17 2023 13:17:55 -06:00 [kern_audit:info:71823] 8503f700022d6c51 :: clustername:ontapi :: 10.x.x.x:59394 :: clustername:admin :: security-certificate-install :: Error: duplicate entry
mgwd.log
shows the duplicate certificate:
2023 13:17:55 -06:00 [kern_mgwd:info:71823] 0x81ef36f00: 8503f700022d6c52: ERR: security_mgwd::tables::certificate::install_cert: [logInstallRemoveError]:66: SSL: Failed to install the certificate with common name f323d9d3-07e0-49c8-96c5-0d0fbac81c19, Reason: duplicate entry
- AIQUM
audit.log
:
2023-01-15 07:16:22,550 INFO [pool-49-thread-1] c.n.o.n.e.EmsZapiManager (EmsZapiManager.java:524) - [EMS ZAPI] - Modifying Event Notification Destination - Name: clustername, API URL: https://clustername:9443/acq/ontap/ems, Certificate Authority: f323d9d3-07e0-49c8-96c5-0d0fbac81c19, Certificate Serial Number: 3B3BC8E9
2023-01-15 07:20:02,032 ERROR [pool-49-thread-7] c.n.o.n.e.EmsZapiManager (EmsZapiManager.java:718) - Failed to call vserver-get-iter -- : netapp.manage.NaProtocolException: Unexpected HTTP response: 502 Bad Gateway
at deployment.mega-app.ear//netapp.manage.NaServer.invokeHTTP(NaServer.java:1019)
: netapp.manage.NaProtocolException: Unexpected HTTP response: 502 Bad Gateway