Skip to main content
NetApp Knowledge Base

How to renew or recreate an ONTAP self-signed SSL certificate with the NetApp PowerShell Toolkit

Last Updated:

Applies to

  • ONTAP 9
  • NetApp PowerShell Toolkit


ONTAP uses self-signed certificates by default for SSL management access.  Those certificates have expiration dates.  To stay current with self-signed SSL certificates a recreation/renewal process is needed.  This article details one method through the NetApp.ONTAP PowerShell toolkit.  There is no downtime required to renew a certificate.  

Script Process
  1. Connecting to a cluster
  2. Collecting all existing certificates
  3. Ensuring the certificate is self-signed
  4. Creates a new certificate with the same properties as the previous one with a 10 year expiration
  5. Configures SSL on the SVM to use the new certificate
  6. Deletes the previous self-signed certificate
Note:  This is a community based script and therefore is supported by the community and not within the NetApp support organization.


1. Install the NetApp.ONTAP PowerShell Toolkit.

2. Install the NetAppSSLCertificateRenew Script.

3. Follow the syntax and usage as outlined in the help section of the script:

PS C:\> get-help NetAppSSLCertificateRenew -detailed

4. Ensure the current PowerShell Execution Policy allows the running of this script (note:  this script is not signed).  Consult your system administrator if the PowerShell Execution Policy needs to be changed.

PS C:\> Get-ExecutionPolicy -list

5. Execute the script when ready:

PS C:\> NetAppSSLCertificateRenew​​​​​

Additional Information

  • To manually renew/recreate self-signed SSL certificates follow this process.
  • To use a certificate from a Certificate Authority (CA) follow this process.


Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device