Isilon: Error 18 at 0 depth lookup during Encrypted SyncIQ configuration
Summary: Receiving an Error 18 at 0 depth message when validating the certificate signing request for the source or target cluster
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
While setting up Encrypted SyncIQ, you receive the following message during the csr validation step:
# openssl verify -CAfile ca.pem source.pem source.pem: C = US, ST = CA, L = xxxx, O = xxxx, OU = PS, CN = xxxx, emailAddress = xxx@xxx.com error 18 at 0 depth lookup:self signed certificate OK
Cause
What this says is that at 0 depth (that is the top of the signer tree), it hit a self-signed certificate, but this certificate was not trusted. Since OpenSSL cannot verify any of the signers of the certificate, it cannot verify the certificate. Since this is a fatal problem, it produces the above error.
The most common cause:
When creating the certificate signing request files (.csr), you have answered the question identically for the Common Name used in CA self-signed .csr and the current .csr you have generated.
The most common cause:
When creating the certificate signing request files (.csr), you have answered the question identically for the Common Name used in CA self-signed .csr and the current .csr you have generated.
Resolution
When you run the openssl req -new -newkey command to generate the .csr, there must be some variation between the Common name field when generating the CA certificate versus the source/target certificates. The following field cannot be identical between .csr's:
Common Name (e.g. server FQDN or YOUR name) []:
Affected Products
Isilon, Isilon Scale-out NAS, Isilon SyncIQArticle Properties
Article Number: 000196764
Article Type: Solution
Last Modified: 29 Jun 2023
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.