Search

How to renew an SSL certificate in Data ONTAP 7-Mode
https://kb.netapp.com/Legacy/ONTAP/7Mode/How_to_renew_an_SSL_certificate_in_Data_ONTAP_7-Mode
This article describes the procedure to be followed to renew an SSL certificate on Data ONTAP 7-Mode storage systems. Over time this has made the 512 Keylength no longer valid, which means that any SS...This article describes the procedure to be followed to renew an SSL certificate on Data ONTAP 7-Mode storage systems. Over time this has made the 512 Keylength no longer valid, which means that any SSL Certificate running 512 needs to be recreated with a length of 1024 or 2048. You can confirm the current SSL Certificate keylength by running the following Syntax from the Ontap Write on the /etc of the storage system the new certificate (if you are using a vFiler, refer to the /etc of the vFiler)
Renew TLS/SSL Certificate in ONTAP 9 - Resolution Guide
https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/Renew_TLS_SSL_Certificate_in_ONTAP_9_Resolution_Guide
This article describes the procedure to renew an SSL certificate in ONTAP 9 storage systems. The default certificate expires after 365 days.The procedure is the same for other SSL certificates used by...This article describes the procedure to renew an SSL certificate in ONTAP 9 storage systems. The default certificate expires after 365 days.The procedure is the same for other SSL certificates used by any SVM/Vserver.
How to install a root-ca certificate for AD LDAP
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_install_a_root-ca_certificate_for_AD_LDAP
KB article covers how to export and Install a Root CA Certificate for AD LDAP on ONTAP CLI"
How to renew an ONTAP self-signed SSL certificate via command line
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_an_ONTAP_self-signed_SSL_certificate_via_command_line
This article contains a video and procedure describing how to renew an SSL self-signed certificate on the command line in ONTAP 9 storage systems.
NSE: How can I renew expired NSE certificates connected to TKLM or SKLM key servers?
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/NSE__How_can_I_renew_expired_NSE_certificates_connected_to_TKLM_or_SKLM_key_servers
In case there is a loss of power during the certificate replacement procedures, manually re-key the drives to default Key ID 0x0 temporarily before replacing the certificates. Run: disk encrypt rekey ...In case there is a loss of power during the certificate replacement procedures, manually re-key the drives to default Key ID 0x0 temporarily before replacing the certificates. Run: disk encrypt rekey <Key-ID> * (This is the Key ID from Step 1b above, the Key ID should also be on the key_manager query output) Rekeying the drives to default KeyID 0x0 will allow full access to the data on the encryption drives without the requirement for key server authentication.
The cluster is not reachable in UM because the cluster certificate is expired or SSL is not enabled for the admin SVM
https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/cluster_certificate_is_expired_or_SSL_is_not_enabled_for_the_admin_SVM
Applies to OnCommand Unified Manager (UM) ActiveIQ Unified Manager (UM) Storage Virtual Machine (SVM) Issue The following email notification is received from UM: Alert from Active IQ Unified Manager: ...Applies to OnCommand Unified Manager (UM) ActiveIQ Unified Manager (UM) Storage Virtual Machine (SVM) Issue The following email notification is received from UM: Alert from Active IQ Unified Manager: Cluster Not Reachable In addition to this, one or both of the following conditions will be present on the cluster SSL certificate presented by the cluster is expired SSL service on the admin SVM is disabled
Unified Manager performance collection fails because the cluster certificate is expired
https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/Unified_Manager_performance_collection_fails_because_the_cluster_certificate_is_expired
ActiveIQ Unified Manager (UM) Performance data might be missing when reviewing volume performance charts. When viewing the Performance / Volumes page in the UM web interface the columns Latency, IOPS,...ActiveIQ Unified Manager (UM) Performance data might be missing when reviewing volume performance charts. When viewing the Performance / Volumes page in the UM web interface the columns Latency, IOPS, MBps display N/A instead of performance data Get the following error in ocumserver.log： 2023-02-18 00:10:02,841 WARN [oncommand] [reconciliation-0] [c.n.d.c.ClusterStatusListener] Acquisition Failed for cluster : Cluster1 message : Certificate with CN: Cluster1 is expired or not yet valid.
How to install a Certificate Authority (CA) signed certificate using ONTAP CLI
https://kb.netapp.com/on-prem/ontap/DM/System_Manager/SM-KBs/How_to_install_a_Certificate_Authority_CA_signed_certificate_using_ONTAP_CLI
To establish trust between the browser used to access System Manager and the cluster SVM, you can install a Certificate Authority (CA) signed certificate using the ONTAP CLI. By default, the cluster S...To establish trust between the browser used to access System Manager and the cluster SVM, you can install a Certificate Authority (CA) signed certificate using the ONTAP CLI. By default, the cluster SVM utilizes a self-signed certificate for HTTPS access, which may not be automatically trusted by the browser.
How to renew or recreate an ONTAP self-signed SSL certificate with the NetApp PowerShell Toolkit
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_or_recreate_an_ONTAP_self-signed_SSL_certificate_with_the_NetApp_PowerShell_Toolkit
If using ONTAP 9.10.1 or newer follow How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager. Creates a new certificate with the same properties as the previous one with a 10 yea...If using ONTAP 9.10.1 or newer follow How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager. Creates a new certificate with the same properties as the previous one with a 10 year expiration Note: This is a community based script and therefore is supported by the community and not within the NetApp support organization. Ensure the current PowerShell Execution Policy allows the running of this script (note: this script is not signed).
How to replace SSL certificates on cluster with external key manager configured
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_replace_SSL_certificates_on_cluster_with_external_key_manager_configured
The external key management server is a third-party system in your storage environment that serves authentication keys to nodes using the Key Management Interoperability Protocol (KMIP). The time must...The external key management server is a third-party system in your storage environment that serves authentication keys to nodes using the Key Management Interoperability Protocol (KMIP). The time must be synchronized on the server creating the certificates, the KMIP server, and the cluster Note: You can install the client and server certificates on the KMIP server before or after installing the certificates on the cluster.
How to configure communication between ONTAP and Service Processor (SP) or BMC with Certificate Authority (CA) signed certificates
https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/How_to_configure_communication_between_ONTAP_and_Service_Processor_SP_or_BMC_with_Certificate_Authority_CA_signed_certificates
ONTAP 9.5 and greater includes Feature Request 1172908 which supports secure communication with the service-processor (SP) or BMC through Certificate Authority (CA) signed certificates. If the SP API ...ONTAP 9.5 and greater includes Feature Request 1172908 which supports secure communication with the service-processor (SP) or BMC through Certificate Authority (CA) signed certificates. If the SP API port is queried for certificates after this process is complete, the same certificate will be returned for each SP/BMC in the cluster.