All Apps and Add-ons

Splunk Add-on for NetApp Data ONTAP: After install, why do I receive several SSL errors "[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure"?


Hi, I've installed the Splunk Add-on for NetApp Data ONTAP to collect data from each of our devices. Unfortunately it's not working. I may be missing something obvious, but I thought I'd ask anyway. The server is running Splunk 6.6.0, the Splunk Add-on for NetApp Data ONTAP is version 2.15 and the OS is Oracle Linux Server release 6.9.
I'm getting the following error in /opt/splunk/var/log/splunk/ta_ontap_conf_service.log.

2017-05-20 12:41:36,323 ERROR [TAOntapConfService] [_validate_ontap_server] Could not interact with ontap on host=, error: [OntapClient] Client Side Code Error 13001: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676)
2017-05-20 12:41:36,335 INFO [TAOntapConfService] [_validate_ontap_server] successfully updated stanza=uigen:-272584:625 credential_validation=False connection_validation=False per_target_credential_validation=['Invalid'] per_target_connection_validation=['Invalid']

Pulling the SSL cert from a device looks to be in order:

$ echo | openssl s_client -showcerts -connect XXX.XXX.XXX.XXX:443 2>/dev/null | openssl x509 -inform pem -noout -text
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=IBM#42342342, C=US, ST=CA, L=Sunnyvale, O=yourcompany, OU=yourunit/
            Not Before: Jul 16 11:05:36 2015 GMT
            Not After : Jul 12 11:05:36 2030 GMT
        Subject: CN=IBM#42342342, C=US, ST=CA, L=Sunnyvale, O=yourcompany, OU=yourunit/
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                    some HEX values
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
    Signature Algorithm: sha256WithRSAEncryption
         some more HEX values

Any ideas?

Splunk Employee
Splunk Employee

there has been a new version 2.1.6 released on Friday and they changed some SSL settings.

I have seen customers created new certificates with weird parameters (512 or 1024 bit RSA!).

It looks like the TA is now officially supported by Splunk Enterprise 6.6.x.

Good luck.

One additional hint:
Try to connect to you NetApp server using cURL:

curl -ivvvk https://my_netapp_server

It will show you the negotiated algorithms...
If there is something like "SSL connection using DES-CBC3-SHA" shown, than you might check the SSL settings on both ends.
This is 56 bit and so 1990!

This URL might give some more details regarding the algorithms and ciphers in use:


Path Finder

Thanks for the information. Version 2.1.6 corrected the issues that I was having. I can now add my 7-mode filers.


0 Karma

Path Finder

I am getting the same error with 6.6.1 and Splunk_TA_ontap 2.15. I can successfully poll my C-mode filers but I cannot poll any of my 7-mode controllers. (SSLV3_ALERT_HANDSHAKE_FAILURE)

I logged a case with Splunk Support to see what the say.

0 Karma

Path Finder

Hi, archspangler , is there anything update? I need to deploy Ontap Add-on 2.1.5 on splunk 6.4, and the device release version is netapp 8.2 with 7-mode, any ideas please? Thx

0 Karma

New Member

Hi Steve, I've installed this App and Add-On successfully, I was wondering if you are following this document:

In my deployment, we had to install in the HF the Add-On, and the App + Add On in the indexer.

Also, which mode is the NetApp running?

0 Karma
Get Updates on the Splunk Community!

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...