NetApp Virtual Storage Console (VSC) Error – TLS Not Configured

We utilize NetApp Virtual Storage Console on our vCenter Server. Something recently disrupted our connectivity to the storage server. We went to investigate.

vsc

If you navigate to Storage Systems from the VSC Dashboard, you will see the error TLS is not configured. This could be caused by several things but in our case the SSL certificate on the NetApp had expired. Default self-signed NetApp SSL certificates are set to expire after 365 days. For those who have vCenter Server and require NetApp Virtual Storage Console an active self-signed SSL certificate must be in place on the NetApp for it to work.

tls-not-conf

There are instructions in the console to correct the issue but they are not effective. To solve this problem you should open an SSL session to the filer and follow the instructions below. I use Putty for SSL. These instructions should work for Clustered Data ONTAP 8.1, 8.2 and 8.3.

Open Putty, enter the IP address of your NetApp and connect, enter your user and password. Once connected run this command to enable privileged mode:

cm2244a-cn::> set -privilege advanced
cm2244a-cn::*> security certificate show

The output will show the SSL expiration date.

SSL      server
Expiration Date: Thu Feb 27 14:16:49 2013

Check which SSL certificate is currently in use.

cm2244a-cn::> security ssl show
vser

To renew the certificate you should delete the original one and replace it with a new one. But first check the details to ensure you are deleting the correct certificate.

cm2244a-cn::*> security certificate show -instance -vserver cm2244a-cn 

vser3

vser2

Delete the SSL certificate by filling in the unique information from the above results. For Data ONTAP 8.2 and 8.3 use the following command. For Data ONTAP 8.1 commands refer to this articleNote: As soon you delete the certificate, the SSL service will be disabled.

cm2244a-cn::*> security certificate delete -common-name christoh-svm1.cert -ca christoh-svm1.cert -type server -vserver christoh-svm1 -serial 5514941E

Warning: Deleting a server certificate will also delete the corresponding
server-chain certificate, if one exists.
Do you want to continue? {y|n}:

Say yes to the prompt. Then recreate the SSL certificate with a longer lifespan.

cm6240c-cluster::> security certificate create -vserver christoh-svm1 -common-name christoh-svm1.cert -size 2048 -type server -country US -expire-days 3650 -hash-function SHA256

Verify your new certificate is in place.

cm2244a-cn::*> security certificate show -instance -vserver cm2244a-cn -common-name cm2244a-cn.cert

          FQDN or Custom Common Name: cm2244a-cn.cert
 Size of Requested Certificate(bits): 2048
              Certificate Start Date: Mon Sep 02 21:10:05 2013
         Certificate Expiration Date: Thu Aug 31 21:10:05 2023
              Public Key Certificate: -----BEGIN CERTIFICATE-----

 

Then you have to Enable SSL after the certificate is in place.

ssl modify -vserver cm2244a-cn -server-enabled true

Verify your results.

ssl show

If you would like more detail please visit this NetApp kb article.