Skip to main content
NetApp Knowledgebase

How to generate and convert a signed certificate for Active IQ Unified Manager

Views:
1,942
Visibility:
Public
Votes:
0
Category:
oncommand-unified-manager
Specialty:
om
Last Updated:

Applies to

  • OnCommand Performance Manager 2.x ( OCPM )
  • OnCommand Unified Manager 6.x ( OCUM )
  • OnCommand Unified Manager 7.x ( OCUM )
  • OnCommand Unified Manager 9.4 ( OCUM )
  • OnCommand Unified Manager 9.5 ( OCUM )
  • Active IQ Unified Manager 9.6 ( AIQUM )
  • Active IQ Unified Manager 9.7+ ( AIQUM )

Description

OnCommand Unified Manager (UM) Version Independent
OnCommand Performance Manager (OPM) Version Independent

This guide documents the process to generate and install a CA signed certificate into UM or OPM, and how to resolve common errors encountered during this process.

Things to be aware of:

  • The certificate may be signed and downloaded in several formats from the CA server; however, Unified Manager and Performance Manager expect the signed certificate to be in the .pem format. The .pem certificate must be base64 encoded. Renaming a .cer certificate to a .pem certificate will not work.
  • Some signing authorities may not include the root certificate or the server certificate when the chain is downloaded. UM and OPM expect the chain to include the server certificate, one or more intermediate certificates, and the root certificate.
  • The order the certificates are placed within the chain is important. UM and OPM expect the certificate chain to be in this order, from top to bottom: server, intermediate, root.
  • There is a known issue with UM 9.4 and 9.4P1 - the 'Alternative Names' cannot be blank. This is documented in Bug 1164539: The Setup/HTTPS Certificate page does not load after a certificate is generated without alternative names and has been fixed in UM 9.5 and later.

One of the following messages may be displayed when trying to install the signed certificate:

  • Failed to install certificate: A valid full certificate chain from the host certificate to the Certificate Authority's certificate must be provided.
  • Failed to install certificate: Input certificate's public key differs from the existing certificate's public key. The keys must match.

     

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support