跳转到主内容

第三方中间证书链出现 ONTAP S3" 无法获取本地颁发者证书 " 错误

Views:
8
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core<a>2008703265</a>
Last Updated:

适用场景

  • ONTAP S3
  • 签名证书
  • ONTAP 9.7 及更高版本

问题描述

使用第三方签名证书链时, ONTAP S3 服务器不会发送整个证书链,因此验证失败:

# curl -I https://<URL/ -v
* Expire in 0 ms for 6 (transfer 0x5623be65fdd0)
...
* Expire in 0 ms for 1 (transfer 0x5623be65fdd0)
*   Trying 172.16.XX.XX...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5623be65fdd0)
* Connected to s3.local (172.16.XX.XX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device