Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

What are the requirements around setting custom SSL certificates in Element Software?

Last Updated:

Applies to

  • Element Software versions 12.2 and above
  • Element Management Node (mNode)


By default, Element Software and its associated management node (mNode) are packaged with certificates meeting the requirements below as of version 12.2.

Certificate Requirements:

  • PEM encoding (x509)
  • ExtendedKeyUsage (EKU) is set (x509v3)
  • Certificate length of 2048 bits or more (this is a requirement for using for Multifactor Authentication (MFA))

The default certificates are self-signed. Custom certificates (for example, certificates signed by a third party Certificate Authority (CA)) can be installed on Element storage clusters and their accompanying mNodes provided they meet the above requirements.

Environmental Requirements:

Ensure that the certificate being installed is allowed by any firewalls in the network path.

To check the certificate policy's URL to be allowed/added to the firewall's exception list:

  • in a web broswer, review the certificate in the Cluster UI
  • click on the lock icon in web browser and select Certificate > Certification Path > Organization's certificate
  • in the window that pops up, select Details > Certificate Policy
  • The URL for this certificate policy should be at the bottom -- this URL needs to be allowed by the firewall

Setting the Custom Certificate:

Once obtained, custom certificates can be then be set via various API-driven methods on both the Element cluster and mNode. See, for instance:

Additional Information


If any of the above requirements are not in place, the SetSSLCertificate (Element) or SetNodeSSLCertificate (mNode) API will fail with an error message. See, for instance:

Related Topics

For information on using MFA with Element Software, see Where is the Element Multi-factor Authentication guide located?

For information on using FIPS with Element Software, see Enabling FIPS 140-2 for HTTPS on your cluster.

For information on Ciphers in the context of SSL on Element, see the 'TLS and SSL' section of the guide linked from Where is the HCI Hardening guide located?


Scan to view the article on your device


  • Was this article helpful?