尽管 truststore 中存在 root-ca ，但对象存储证书验证仍失败

• ONTAP 9
• FabricPool
• S3 证书验证

• 如果为 FabricPool 聚合启用了证书验证，则证书验证将失败：

myclus::> aggregate object-store config modify -object-store-name my-obj-store-cfg -is-certificate-validation-enabled true Warning: Modifying the server, port, IPspace, SSL-enabled state, or SSL/TLS certificate validation will disrupt object store access for several seconds. Do you want to continue? {y|n}: y Error: command failed: Cannot verify availability of the object store from node myclus-node-01. Reason: Cannot verify the certificate given by the object store server. It is possible that the certificate has not been installed on the cluster. Use the 'security certificate install -type server-ca' command to install it..

• 用于签署 S3 端点服务器证书的证书颁发机构将在 server-ca FabricPool 集群管理 -vserver 信任存储下注册为类型，因此上述错误毫无意义：

myclus::> security certificate truststore check -vserver myclus -server somebucket.company.local
CA certificate with cert-name "fabricpool-ca_cert" is already installed. Use "security certificate show -cert-name fabricpool-ca_cert" to see the details of the CA certificate.

::> security certificate show -cert-name fabricpool-ca_cert
Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
myclus     1234567890      fabricpool_ca_cert                server-ca
    Certificate Authority: company_rootca
          Expiration Date: Fri May 13 13:13:13 2032