Quick tip – EMC: Certificate issues after NavisecCLI upgrade

Quick tip….. I recently upgraded naviseccli to version 7.33.6.0.96 

This is a really quick update so on my dual screen setup, I kicked off the installer in the left monitor while I worked on other tasks on the right. Cool, it’s just Next, next, next right ? Finished in a few minutes.

Cue next morning when I noticed that, for only one of my arrays, a scheduled health check script did not execute, so decided to open up naviseccli and see what was up. Just to check comms, I attempted a faults -list;

The full error/warning text ” Warning: Cannot confirm the connection to the server is secure. The certificate presented by this server was issued for a different server name or IP address than what was supplied on the command line” With an option to accept for this session, store the certificate locally or reject the certificate.

Obviously nothing had been changed on the array, but this was going to stop any scripts from executing against it without intervention, and that’s not cool.

Executing the command against the SP ip address worked though.

This array has been moved around, and is approaching EOL and has not had the SP SSL certs updated accordingly. It doesn’t need to, it’s not important.

So let’s check which certs are stored locally;

The pixelation is masking it, but this shows that the default, self signed certs have the ip address and not the hostname in the SUBJECT.

Then I had a lightbulb moment, that the naviseccli installer had some option about strict cert checking. So i have 2 options, fix the certs or lower the cert verification checking level. In this case, all things considered the second option is the pragmatic option 🙂 ****

Easily done;

.     

  << Change this option to “Low”

     
……and of course, everything was good again.

 **** I thoroughly recommend that you replace the default self signed certs on your arrays and will cover how to do this in a future post.