通过 AWS S3 专用链路将内部备份从 HTTP 转换为 HTTPS 失败,并显示证书或连接错误
适用场景
- Cloud Manager
- 在内部启用备份
- AWS S3
- AWS S3 专用链路
- HTTPS
- 路径样式 URL
- 云备份服务( CBs )
- 非默认 IP 空间中的集群间 LIF
问题描述
[1][2] 在 ONTAP 命令行界面上,通过 AWS VPC 端点接口通过 AWS S3 专用链路将 Cloud Backup 从内部迁移到 AWS S3 时,从 HTTP 转换到 HTTPS 失败,并显示证书或连接错误
OnPremCluster::*>snapmirror object-store config modify -is-ssl-enabled true -is-certificate-validation-enabled true -object-store-name netapp-backup-15d64678-1bc9-11ec-950d-95d34ca056b5 -port 443
Error: command failed: Failed to modify object store configuration during config modify for Vserver "OnPremCluster", object store "netapp-backup-15d64678-1bc9-11ec-950d-95d34ca056b5". (confirmation needed)
OnPremCluster::*>set -confirmations off
OnPremCluster::*>snapmirror object-store config modify -is-ssl-enabled true -is-certificate-validation-enabled true -object-store-name netapp-backup-15d64678-1bc9-11ec-950d-95d34ca056b5 -port 443
Error: command failed: Failed to modify object store configuration during config modify for Vserver "OnPremCluster", object store "netapp-backup-15d64678-1bc9-11ec-950d-95d34ca056b5". (Cannot verify availability of the object store from node OnPremCluster-01. Reason: Cannot verify the certificate given by the object store server. It is possible that the certificate has not been installed on the cluster. Use the 'security certificate install -type server-ca' command to install it..)
OnPremCluster::*>snapmirror object-store config modify -is-ssl-enabled true -is-certificate-validation-enabled false -object-store-name netapp-backup-15d64678-1bc9-11ec-950d-95d34ca056b5 -port 443
Error: command failed: Failed to modify object store configuration during config modify for Vserver "OnPremCluster", object store "netapp-backup-15d64678-1bc9-11ec-950d-95d34ca056b5". (Certificate validation must be enabled for object store provider AWS_S3.)
OnPremCluster::*>set -confirmations on