I enabled TLS in the httpsd section and when I curl curl -s 'http://<fqdn in cert>:9182/api/v1/sd' | jq . I get a set of empty brackets []. I also enabled TLS for the Exporter section and curl -s 'https://<fqdn in cert>:13001/metrics' provides everything for that poller just fine. When I remove the TLS config from the httpsd section, all the poller metric endpoints populate the []. Am I missing something?
#No Output when using SSL cert for Admin
Hi @small prawn, can you check your harvest config by running bin/harvest doctor, and then paste your config by running bin/harvest doctor --print and pasting the results?
thanks! That looks good. Can you share the admin node log file and one of the poller log files? They can be uploaded to https://upload.nabox.org/toti-xija-jeki
Hmm, I don't see where the admin node log file is...I see the poller logs
the admin node logs to stdout and will depend on how you started it. If you started it in a terminal, you should see the logs there. E.g.
Uploaded...I am running harvest admin as a service
thanks. did you create the certs via bin/harvest admin tls create server?
Looks like there is a problem with the certificate - from your poller log file
time=2025-09-02T18:09:05.461Z level=ERROR source=poller.go:1271 msg="Failed connecting to admin node" Poller=fas01-dt err="tls: failed to verify certificate: x509: cannot validate certificate for 0.0.0.0 because it doesn't contain any IP SANs" admin=0.0.0.0:9182
Ah, so I need to update the IPs to FQDNs in the poller configs?
I just realized I have FQDNs in the addr: config already
this failure is when the poller attempts to talk to the admin node via the admin node's heartbeat URL, so that TLS failed message is saying the poller attempts an HTTPS PUT to the admin node, but the TLS handshake fails. When you created the admin node certificates, did you specify --ip or --dnsname, or did you take the defaults?
Earlier you mentioned that you did curl -s 'http://<fqdn in cert>:9182/api/v1/sd' | jq . Did you mean via https, i.e. curl -s 'https://<fqdn in cert>:9182/api/v1/sd' | jq . ?
Oh, yes, sorry
no worries
My certs are signed
did you create them via bin/harvest admin tls create server?
No, Issuer: C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Organization Validation Secure Server CA
Is it the case where I should reissue the cert and include the harvest server's IP in the SAN?
Try changing this section of your harvest.yml to match the IP defined in your cert