メインコンテンツまでスキップ

ONTAP S3 「 Unable to get local issuer certificate 」というエラーがサードパーティの中間証明書チェーンに表示されます

Views:
271
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core<a>2008703265</a>
Last Updated:

環境

  • ONTAP S3
  • 署名済み証明書
  • ONTAP 9.7以降

問題

サードパーティの署名済み証明書チェーンを使用している場合、ONTAP S3サーバはチェーン全体を送信しないため、検証に失敗します。

# curl -I https://<URL/ -v
* Expire in 0 ms for 6 (transfer 0x5623be65fdd0)
...
* Expire in 0 ms for 1 (transfer 0x5623be65fdd0)
*   Trying 172.16.XX.XX...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5623be65fdd0)
* Connected to s3.local (172.16.XX.XX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.