Skip to main content
NetApp Knowledge Base

Search

  • Filter results by:
    • View attachments
    Searching in
    About 11 results
    • https://kb.netapp.com/Legacy/ONTAP/7Mode/How_to_renew_an_SSL_certificate_in_Data_ONTAP_7-Mode
      This article describes the procedure to be followed to renew an SSL certificate on Data ONTAP 7-Mode storage systems. Over time this has made the 512 Keylength no longer valid, which means that any SS...This article describes the procedure to be followed to renew an SSL certificate on Data ONTAP 7-Mode storage systems. Over time this has made the 512 Keylength no longer valid, which means that any SSL Certificate running 512 needs to be recreated with a length of 1024 or 2048. You can confirm the current SSL Certificate keylength by running the following Syntax from the Ontap Write on the /etc of the storage system the new certificate (if you are using a vFiler, refer to the /etc of the vFiler)
    • https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/Renew_TLS_SSL_Certificate_in_ONTAP_9_Resolution_Guide
      This article describes the procedure to renew an SSL certificate in ONTAP 9 storage systems. The default certificate expires after 365 days.The procedure is the same for other SSL certificates used by...This article describes the procedure to renew an SSL certificate in ONTAP 9 storage systems. The default certificate expires after 365 days.The procedure is the same for other SSL certificates used by any SVM/Vserver.
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_install_a_root-ca_certificate_for_AD_LDAP
      KB article covers how to export and Install a Root CA Certificate for AD LDAP on ONTAP CLI"
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_an_ONTAP_self-signed_SSL_certificate_via_command_line
      This article contains a video and procedure describing how to renew an SSL self-signed certificate on the command line in ONTAP 9 storage systems.
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/NSE__How_can_I_renew_expired_NSE_certificates_connected_to_TKLM_or_SKLM_key_servers
      In case there is a loss of power during the certificate replacement procedures, manually re-key the drives to default Key ID 0x0 temporarily before replacing the certificates. Run: disk encrypt rekey ...In case there is a loss of power during the certificate replacement procedures, manually re-key the drives to default Key ID 0x0 temporarily before replacing the certificates. Run: disk encrypt rekey <Key-ID> * (This is the Key ID from Step 1b above, the Key ID should also be on the key_manager query output) Rekeying the drives to default KeyID 0x0 will allow full access to the data on the encryption drives without the requirement for key server authentication.
    • https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/cluster_certificate_is_expired_or_SSL_is_not_enabled_for_the_admin_SVM
      Applies to OnCommand Unified Manager (UM) ActiveIQ Unified Manager (UM) Storage Virtual Machine (SVM) Issue The following email notification is received from UM: Alert from Active IQ Unified Manager: ...Applies to OnCommand Unified Manager (UM) ActiveIQ Unified Manager (UM) Storage Virtual Machine (SVM) Issue The following email notification is received from UM: Alert from Active IQ Unified Manager: Cluster Not Reachable In addition to this, one or both of the following conditions will be present on the cluster SSL certificate presented by the cluster is expired SSL service on the admin SVM is disabled
    • https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/Unified_Manager_performance_collection_fails_because_the_cluster_certificate_is_expired
      ActiveIQ Unified Manager (UM) Performance data might be missing when reviewing volume performance charts. When viewing the Performance / Volumes page in the UM web interface the columns Latency, IOPS,...ActiveIQ Unified Manager (UM) Performance data might be missing when reviewing volume performance charts. When viewing the Performance / Volumes page in the UM web interface the columns Latency, IOPS, MBps display N/A instead of performance data Get the following error in ocumserver.log: 2023-02-18 00:10:02,841 WARN [oncommand] [reconciliation-0] [c.n.d.c.ClusterStatusListener] Acquisition Failed for cluster : Cluster1 message : Certificate with CN: Cluster1 is expired or not yet valid.
    • https://kb.netapp.com/on-prem/ontap/DM/System_Manager/SM-KBs/How_to_install_a_Certificate_Authority_CA_signed_certificate_using_ONTAP_CLI
      To establish trust between the browser used to access System Manager and the cluster SVM, you can install a Certificate Authority (CA) signed certificate using the ONTAP CLI. By default, the cluster S...To establish trust between the browser used to access System Manager and the cluster SVM, you can install a Certificate Authority (CA) signed certificate using the ONTAP CLI. By default, the cluster SVM utilizes a self-signed certificate for HTTPS access, which may not be automatically trusted by the browser.
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_or_recreate_an_ONTAP_self-signed_SSL_certificate_with_the_NetApp_PowerShell_Toolkit
      If using ONTAP 9.10.1 or newer follow How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager. Creates a new certificate with the same properties as the previous one with a 10 yea...If using ONTAP 9.10.1 or newer follow How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager. Creates a new certificate with the same properties as the previous one with a 10 year expiration Note: This is a community based script and therefore is supported by the community and not within the NetApp support organization. Ensure the current PowerShell Execution Policy allows the running of this script (note: this script is not signed).
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_replace_SSL_certificates_on_cluster_with_external_key_manager_configured
      The external key management server is a third-party system in your storage environment that serves authentication keys to nodes using the Key Management Interoperability Protocol (KMIP). The time must...The external key management server is a third-party system in your storage environment that serves authentication keys to nodes using the Key Management Interoperability Protocol (KMIP). The time must be synchronized on the server creating the certificates, the KMIP server, and the cluster Note: You can install the client and server certificates on the KMIP server before or after installing the certificates on the cluster.
    • https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/How_to_configure_communication_between_ONTAP_and_Service_Processor_SP_or_BMC_with_Certificate_Authority_CA_signed_certificates
      ONTAP 9.5 and greater includes Feature Request 1172908 which supports secure communication with the service-processor (SP) or BMC through Certificate Authority (CA) signed certificates. If the SP API ...ONTAP 9.5 and greater includes Feature Request 1172908 which supports secure communication with the service-processor (SP) or BMC through Certificate Authority (CA) signed certificates. If the SP API port is queried for certificates after this process is complete, the same certificate will be returned for each SP/BMC in the cluster.