All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for NetApp Data ONTAP: After install, why do I receive several SSL errors "[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure"?

cdstealer
Contributor
‎05-20-2017 04:52 AM

Hi, I've installed the Splunk Add-on for NetApp Data ONTAP to collect data from each of our devices. Unfortunately it's not working. I may be missing something obvious, but I thought I'd ask anyway. The server is running Splunk 6.6.0, the Splunk Add-on for NetApp Data ONTAP is version 2.15 and the OS is Oracle Linux Server release 6.9.
I'm getting the following error in /opt/splunk/var/log/splunk/ta_ontap_conf_service.log.

2017-05-20 12:41:36,323 ERROR [TAOntapConfService] [_validate_ontap_server] Could not interact with ontap on host=https://10.180.139.235, error: [OntapClient] Client Side Code Error 13001: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676)
None
2017-05-20 12:41:36,335 INFO [TAOntapConfService] [_validate_ontap_server] successfully updated stanza=uigen:-272584:625 credential_validation=False connection_validation=False per_target_credential_validation=['Invalid'] per_target_connection_validation=['Invalid']

Pulling the SSL cert from a device looks to be in order:

$ echo | openssl s_client -showcerts -connect XXX.XXX.XXX.XXX:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=IBM#42342342, C=US, ST=CA, L=Sunnyvale, O=yourcompany, OU=yourunit/emailAddress=admin@yourcompany.com
        Validity
            Not Before: Jul 16 11:05:36 2015 GMT
            Not After : Jul 12 11:05:36 2030 GMT
        Subject: CN=IBM#42342342, C=US, ST=CA, L=Sunnyvale, O=yourcompany, OU=yourunit/emailAddress=admin@yourcompany.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    some HEX values
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         some more HEX values

Any ideas?
T.I.A.
Steve

Reply

hsesterhenn_spl
Splunk Employee
Splunk Employee
‎07-09-2017 09:49 AM

Hi,
there has been a new version 2.1.6 released on Friday and they changed some SSL settings.

I have seen customers created new certificates with weird parameters (512 or 1024 bit RSA!).

It looks like the TA is now officially supported by Splunk Enterprise 6.6.x.

Good luck.

P.S.
One additional hint:
Try to connect to you NetApp server using cURL:

curl -ivvvk https://my_netapp_server

It will show you the negotiated algorithms...
If there is something like "SSL connection using DES-CBC3-SHA" shown, than you might check the SSL settings on both ends.
This is 56 bit and so 1990!

This URL might give some more details regarding the algorithms and ciphers in use:
https://unix.stackexchange.com/questions/208437/how-to-convert-ssl-ciphers-to-curl-format

Holger

Reply

archspangler
Path Finder
‎07-10-2017 01:15 PM

Thanks for the information. Version 2.1.6 corrected the issues that I was having. I can now add my 7-mode filers.

-Archie

0 Karma
Reply

archspangler
Path Finder
‎06-20-2017 08:47 AM

I am getting the same error with 6.6.1 and Splunk_TA_ontap 2.15. I can successfully poll my C-mode filers but I cannot poll any of my 7-mode controllers. (SSLV3_ALERT_HANDSHAKE_FAILURE)

I logged a case with Splunk Support to see what the say.

0 Karma
Reply

aojie654
Path Finder
‎03-13-2019 08:12 PM

Hi, archspangler , is there anything update? I need to deploy Ontap Add-on 2.1.5 on splunk 6.4, and the device release version is netapp 8.2 with 7-mode, any ideas please? Thx

0 Karma
Reply

jpbonilla
New Member
‎05-23-2017 08:18 AM

Hi Steve, I've installed this App and Add-On successfully, I was wondering if you are following this document: http://docs.splunk.com/Documentation/NetApp/2.1.5/DeployNetapp/WhataSplunkAppforNetAppDataONTAPdeplo...

In my deployment, we had to install in the HF the Add-On, and the App + Add On in the indexer.

Also, which mode is the NetApp running?

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
li.common.scroll-to.top