Quick tip – EMC: Certificate issues after NavisecCLI upgrade

Quick tip….. I recently upgraded naviseccli to version 7.33.6.0.96 

This is a really quick update so on my dual screen setup, I kicked off the installer in the left monitor while I worked on other tasks on the right. Cool, it’s just Next, next, next right ? Finished in a few minutes.

Cue next morning when I noticed that, for only one of my arrays, a scheduled health check script did not execute, so decided to open up naviseccli and see what was up. Just to check comms, I attempted a faults -list;

14-04-2015 10-34-45 PM

The full error/warning text ” Warning: Cannot confirm the connection to the server is secure. The certificate presented by this server was issued for a different server name or IP address than what was supplied on the command line” With an option to accept for this session, store the certificate locally or reject the certificate.

Obviously nothing had been changed on the array, but this was going to stop any scripts from executing against it without intervention, and that’s not cool.

Executing the command against the SP ip address worked though.

14-04-2015 10-41-37 PM

This array has been moved around, and is approaching EOL and has not had the SP SSL certs updated accordingly. It doesn’t need to, it’s not important.

So let’s check which certs are stored locally;

The pixelation is masking it, but this shows that the default, self signed certs have the ip address and not the hostname in the SUBJECT.

14-04-2015 10-39-46 PM

Then I had a lightbulb moment, that the naviseccli installer had some option about strict cert checking. So i have 2 options, fix the certs or lower the cert verification checking level. In this case, all things considered the second option is the pragmatic option 🙂 ****

Easily done;

.14-04-2015 10-51-24 PM     14-04-2015 10-51-38 PM

14-04-2015 10-51-51 PM  << Change this option to “Low”

14-04-2015 10-52-05 PM     14-04-2015 10-52-20 PM
……and of course, everything was good again.

14-04-2015 10-52-29 PM

 

 

 **** I thoroughly recommend that you replace the default self signed certs on your arrays and will cover how to do this in a future post.

10 thoughts on “Quick tip – EMC: Certificate issues after NavisecCLI upgrade

  1. Thanks for this Brett. I was going a little crazy trying to figure out why my script would run fine manually but the scheduled task kept coming up with a similar certificate error output!

  2. Thanks for this Brett. I was going a little crazy trying to figure out why my script would run fine manually but the scheduled task kept coming up with a similar certificate error output!

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: