ECS: SSL Certificate upload Error 415 "Unsupported Media Type"
Summary: Certificate upload Error 415 - Unsupported Media Type
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
NOTICE:
Keep in mind there are many types of CAs and more than one way of Creating or Obtaining a Cert. This issue was found when a client Obtained a Cert from their CA. They Did NOT create a Cert, pass it to CA to have it signed. Instead the CA generated the Cert for them.
This issue has also been seen in multiple situations. The most commonly found is when the token is not formatted properly or the command using the token specifies the token type when the token already contains the type inside it. - See "TOKEN - 415 Unsupported Media Type"
Issue: Upload ERROR of CA signed Cert - 415 error "Unsupported Media Type"
When attempting to upload your CA signed Cert you might get an error "
415 Unsupported Media Type"
Example of Error: < HTTP/1.1 100 Continue < HTTP/1.1 415 Unsupported Media Type < Date: Mon, 05 Mar 2018 20:37:55 GMT < Content-Type: text/html;charset=iso-8859-1 < Content-Length: 349 < Connection: keep-alive < Cache-Control: must-revalidate,no-cache,no-store * HTTP error before end of send, stop sending < <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 415 </title> </head> <body> <h2>HTTP ERROR: 415</h2> <p>Problem accessing /object-cert/keystore. Reason: <pre> Unsupported Media Type</pre></p> <hr /><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.3.8.v20160314</a><hr/> </body> </html> * Closing connection 0 * SSLv3, TLS alert, Client hello (1):
Cause
If you see this error, it can be caused by one of two reasons:
1. The Token not being properly Generated
2. The cert is not being properly encoded.
Resolution
If you are not sure which one is the cause start with the TOKEN. There are known issues with the admin guide that directly relate to TOKEN 415 Errors.
TOKEN - 415 Unsupported Media Type
TOKEN - 415 Unsupported Media Type
When trying to Verify the SSL cert were successfully uploaded. The Command in the Admin Guide will not work for the token generated earlier following the admin guide process.
The command provided in the admin guide, as seen below will cause the 415 error if you generated your token according to the admin guide process.
The command provided in the admin guide, as seen below will cause the 415 error if you generated your token according to the admin guide process.
curl -svk -H "X-SDS-AUTH-TOKEN: $TOKEN" https://x.x.x.x:4443/vdc/keystore
This command specifies the TOKEN Type, which should already be inside the token.
First Check to your token value stored.
Example:
echo $TOKENYour TOKEN should look like the following. The beginning of the token contains the type "X-SDS-AUTH-TOKEN", which is the token type.
Example:
admin@provo:~> echo $TOKEN X-SDS-AUTH-TOKEN: BAAcZzJLcFFrRUVEY3FVRXNTaGhVd2pOM29wdHBZPQMAjAQASHVybjpzdG9yYWdlb3M6VmlydHVhbERhdGFDZW50ZXJEYXRhOmZkYzJhMDg2LTQzMGEtNGU3ZC04ZmNiLTU2MDA3ZDFmOWU4NgIADTE1MjM4OTI3NTQwNTQDAC51cm46VG9rZW46NjI3OGZkZmEtZTJlNS00MmNlLThlMGQtNTE1YTliZGNjOWJjAgAC0A8=
If your TOKEN does not contain the token type use the following command to generate a new TOKEN with token type. Remember that the user must have root privileges if not using the root user. Also remember to check your token after generating it.
See end of next section for example of a successful upload.
If you are still experiencing issues try the next section, it might be the Cert itself causing the 415 error.
Cert Format incorrect - 415 Unsupported Media Type.
export TOKEN=`curl -s -k -v -u root:ChangeMe https://$(hostname -i):4443/login 2>&1 | grep X-SDS-AUTH-TOKEN | awk '{print $2, $3}'` Next we must look at the Command using the TOKEN. The beginning of the command should look like the following:
curl -svk -H "$TOKEN"...The "-H" in the command specifies that there is going to be a "TYPE" that must be specified. Because our token contains the type inside we do not need to specify it in the command. If your command looks like the following, it fails to use the method previously outlined to generate the token.
"X-SDS-AUTH-TOKEN: X-SDS-AUTH-TOKEN: BAAcZzJLcFFrRUVEY3FVRXNTaGhVd2pOM29wdHBZPQMAjAQASHVybjpzdG9yYWdlb3M6VmlydHVhbERhdGFDZW50ZXJEYXRhOmZkYzJhMDg2LTQzMGEtNGU3ZC04ZmNiLTU2MDA3ZDFmOWU4NgIADTE1MjM4OTI3NTQwNTQDAC51cm46VG9rZW46NjI3OGZkZmEtZTJlNS00MmNlLThlMGQtNTE1YTliZGNjOWJjAgAC0A8="To fix this 415 error simply remove the "X-SDS-AUTH-TOKEN" from the command. Ensure that all other syntax is correct and run the new command.
See end of next section for example of a successful upload.
If you are still experiencing issues try the next section, it might be the Cert itself causing the 415 error.
Use the following command to encode your file with x509 encoding. Replace the "/Path/FileName.cer" with the location and file name of you .cer file and replace the "/Path/FileName2.pem" with the location and new name using the .pem extension.
openssl x509 -in /Path/FileName.cer -outform pem -out /path/FileName2.pem
After encoding the .pem file try to reupload your Cert. Below is an example of a successful upload.
Successful upload: ~> curl -svk -H "$TOKEN" -H "Content-type: application/xml" -H "X-EMC-REST-CLIENT: TRUE" -X PUT -d "<rotate_keycertchain><key_and_certificate><private_key>`cat edhapecsp515.broadrdige.net.nopass.key`</private_key><certificate_chain>`cat edhapecsp515.broadridge.net.pem`</certificate_chain></key_and_certificate></rotate_keycertchain>" https://$(hostname -i):4443/object-cert/keystore * Hostname was NOT found in DNS cache * Trying 10.133.135.60... * Connected to 10.133.135.60 (10.133.135.60) port 4443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs/ * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using TLSv1.0 / ECDHE-RSA-AES256-SHA * Server certificate: * subject: C=US; ST=California; L=El Dorado Hills; O=DST Output; OU=Support Services; OU=For Intranet Use Only; CN=edhapecsp515.otprod.dstcorp.net * start date: 2017-03-01 00:00:00 GMT * expire date: 2018-03-02 23:59:59 GMT * issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4 * SSL certificate verify result: certificate has expired (10), continuing anyway. > PUT /object-cert/keystore HTTP/1.1 > User-Agent: curl/7.37.0 > Host: 10.133.135.60:4443 > Accept: */* > X-SDS-AUTH-TOKEN: BAAcK1FBV1RmclVaVGEwMTd3L0NHb21xTTkrZTdVPQMAjAQASHVybjpzdG9yYWdlb3M6VmlydHVhbERhdGFDZW50ZXJEYXRhOjY0ZTVkODVmLTQ4ZmQtNDY0NC05NGUwLWM4MDNhYWMwMjQ3MwIADTE1MjAyNzAxNzU3MjkDAC51cm46VG9rZW46MGJjMDhhOGQtM2E3Ni00OTI0LTg4ZTUtMmJmNWVhNzEwZWZhAgAC0A8= > Content-type: application/xml > X-EMC-REST-CLIENT: TRUE > Content-Length: 7596 > Expect: 100-continue > < HTTP/1.1 100 Continue < HTTP/1.1 200 OK < Date: Mon, 05 Mar 2018 20:46:59 GMT < Content-Type: application/xml < Content-Length: 5706 < Connection: keep-alive FOLLOWED BY CERTIFICATE INFO
Affected Products
Elastic Cloud StorageProducts
ECS Appliance, Elastic Cloud StorageArticle Properties
Article Number: 000155556
Article Type: Solution
Last Modified: 16 Sept 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.