Skip to main content
NetApp Knowledge Base

How to configure communication between ONTAP and Service Processor (SP) or BMC with Certificate Authority (CA) signed certificates

Views:
216
Visibility:
Public
Votes:
0
Category:
aff-series
Specialty:
hw
Last Updated:

Applies to

  • ONTAP 9.5+
  • SP / BMC
  • NOT supported on the AFF-A700s platform

Description

ONTAP 9.5 and greater includes Feature Request 1172908 which supports secure communication with the service-processor (SP) or BMC through Certificate Authority (CA) signed certificates.  In order to use the system service-processor api-service enable-installed-certificates process, the following three certificate types must be installed:

  • Root-CA certificate
  • Server certificate
  • Client certificate
Considerations
  • Overall best practice is to be on an ONTAP recommended release and current Service Processor or BMC firmware.
  • This process is nondisruptive to serving data within the ONTAP cluster.
  • The SP API service uses port 50000 by default.  It can be modified to use another port if desired.
  • The SP API provides internal communication within the cluster.  If the SP API port is queried for certificates after this process is complete, the same certificate will be returned for each SP/BMC in the cluster.

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support