Adding new serverCA certificate for External Key Management results in error
Applies to
- ONTAP 9
- External Key Management (EKM)
Issue
- When updating the Server-CA certificate for EKM, SSL and IO errors are observed.
- Example:
    Node  Vserver  Key Server                                   Status
    ----  -------  -------------------------------------------  ---------------
    cluster-01
          svm1
                   kmip.x.x.com:5696                            not-responding
                     Status Details: IO
- OpenSSL output also shows the error:
    Start Time: 1707339528
    Timeout   : 300 (sec)
    Verify return code: 26 (unsupported certificate purpose)