- ONTAP 9.5+
- SP / BMC
- NOT supported on the AFF-A700s platform
ONTAP 9.5 and greater includes Feature Request 1172908 which supports secure communication with the service-processor (SP) or BMC through Certificate Authority (CA) signed certificates. In order to use the system service-processor api-service enable-installed-certificates process, the following three certificate types must be installed:
- Root-CA certificate
- Server certificate
- Client certificate
- Overall best practice is to be on an ONTAP recommended release and current Service Processor or BMC firmware.
- This process is nondisruptive to serving data within the ONTAP cluster.
- The SP API service uses port 50000 by default. It can be modified to use another port if desired.
- The SP API provides internal communication within the cluster. If the SP API port is queried for certificates after this process is complete, the same certificate will be returned for each SP/BMC in the cluster.