S3 Certificate Replacement Shows “Untrusted” Warning in ONTAP
Applies to
- NetApp ONTAP 9.14.1P15 (and likely other ONTAP 9.x versions)
- S3 Object Storage service on ONTAP
- FAS9500 and similar hardware platforms
- Environments using internal Microsoft ADCS (Active Directory Certificate Services) as CA
Issue
After replacing the S3 object storage server certificate on ONTAP with a new certificate issued by an internal ADCS CA, browsers and client tools display a warning that the connection is not secure or the certificate is untrusted.
This occurs even though the certificate is correctly installed and valid.
Example Log Output:
Browser warning:
Example Log Output:
::*> security certificate truststore check -server xxxxxobject-s3.xxxx.local:443Error: command failed: Missing certificate with subject name: "DC=Local,DC=ZZZZ,CN=ZZZZ-AA02"Browser warning:
“Connecting to this site is insecure. Do not enter any sensitive information (such as passwords or credit cards) on this website, as it may be stolen by attackers.”