Skip to main content
NetApp Knowledge Base

S3 Certificate Replacement Shows “Untrusted” Warning in ONTAP

Views:
6
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • NetApp ONTAP 9.14.1P15 (and likely other ONTAP 9.x versions)
  • S3 Object Storage service on ONTAP
  • FAS9500 and similar hardware platforms
  • Environments using internal Microsoft ADCS (Active Directory Certificate Services) as CA

Issue

After replacing the S3 object storage server certificate on ONTAP with a new certificate issued by an internal ADCS CA, browsers and client tools display a warning that the connection is not secure or the certificate is untrusted.
This occurs even though the certificate is correctly installed and valid.

Example Log Output:

::*> security certificate truststore check -server xxxxxobject-s3.xxxx.local:443

Error: command failed: Missing certificate with subject name: "DC=Local,DC=ZZZZ,CN=ZZZZ-AA02"

Browser warning:
 “Connecting to this site is insecure. Do not enter any sensitive information (such as passwords or credit cards) on this website, as it may be stolen by attackers.”

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.