Search
- Filter results by:
- View attachments
- https://kb.netapp.com/Legacy/ONTAP/7Mode/How_to_renew_an_SSL_certificate_in_Data_ONTAP_7-ModeThis article describes the procedure to be followed to renew an SSL certificate on Data ONTAP 7-Mode storage systems. Over time this has made the 512 Keylength no longer valid, which means that any SS...This article describes the procedure to be followed to renew an SSL certificate on Data ONTAP 7-Mode storage systems. Over time this has made the 512 Keylength no longer valid, which means that any SSL Certificate running 512 needs to be recreated with a length of 1024 or 2048. You can confirm the current SSL Certificate keylength by running the following Syntax from the Ontap Write on the /etc of the storage system the new certificate (if you are using a vFiler, refer to the /etc of the vFiler)
- https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/Renew_TLS_SSL_Certificate_in_ONTAP_9_Resolution_GuideThis article describes the procedure to renew an SSL certificate in ONTAP 9 storage systems. The default certificate expires after 365 days.The procedure is the same for other SSL certificates used by...This article describes the procedure to renew an SSL certificate in ONTAP 9 storage systems. The default certificate expires after 365 days.The procedure is the same for other SSL certificates used by any SVM/Vserver.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_install_a_root-ca_certificate_for_AD_LDAPKB article covers how to export and Install a Root CA Certificate for AD LDAP on ONTAP CLI"
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_an_ONTAP_self-signed_SSL_certificate_via_command_lineThis article contains a video and procedure describing how to renew an SSL self-signed certificate on the command line in ONTAP 9 storage systems.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/NSE__How_can_I_renew_expired_NSE_certificates_connected_to_TKLM_or_SKLM_key_serversIn case there is a loss of power during the certificate replacement procedures, manually re-key the drives to default Key ID 0x0 temporarily before replacing the certificates. Run: disk encrypt rekey ...In case there is a loss of power during the certificate replacement procedures, manually re-key the drives to default Key ID 0x0 temporarily before replacing the certificates. Run: disk encrypt rekey <Key-ID> * (This is the Key ID from Step 1b above, the Key ID should also be on the key_manager query output) Rekeying the drives to default KeyID 0x0 will allow full access to the data on the encryption drives without the requirement for key server authentication.
- https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/cluster_certificate_is_expired_or_SSL_is_not_enabled_for_the_admin_SVMApplies to OnCommand Unified Manager (UM) ActiveIQ Unified Manager (UM) Storage Virtual Machine (SVM) Issue The following email notification is received from UM: Alert from Active IQ Unified Manager: ...Applies to OnCommand Unified Manager (UM) ActiveIQ Unified Manager (UM) Storage Virtual Machine (SVM) Issue The following email notification is received from UM: Alert from Active IQ Unified Manager: Cluster Not Reachable In addition to this, one or both of the following conditions will be present on the cluster SSL certificate presented by the cluster is expired SSL service on the admin SVM is disabled
- https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/Unified_Manager_performance_collection_fails_because_the_cluster_certificate_is_expiredActiveIQ Unified Manager (UM) Performance data might be missing when reviewing volume performance charts. When viewing the Performance / Volumes page in the UM web interface the columns Latency, IOPS,...ActiveIQ Unified Manager (UM) Performance data might be missing when reviewing volume performance charts. When viewing the Performance / Volumes page in the UM web interface the columns Latency, IOPS, MBps display N/A instead of performance data Get the following error in ocumserver.log: 2023-02-18 00:10:02,841 WARN [oncommand] [reconciliation-0] [c.n.d.c.ClusterStatusListener] Acquisition Failed for cluster : Cluster1 message : Certificate with CN: Cluster1 is expired or not yet valid.
- https://kb.netapp.com/on-prem/ontap/DM/System_Manager/SM-KBs/How_to_install_a_Certificate_Authority_CA_signed_certificate_using_ONTAP_CLITo establish trust between the browser used to access System Manager and the cluster SVM, you can install a Certificate Authority (CA) signed certificate using the ONTAP CLI. By default, the cluster S...To establish trust between the browser used to access System Manager and the cluster SVM, you can install a Certificate Authority (CA) signed certificate using the ONTAP CLI. By default, the cluster SVM utilizes a self-signed certificate for HTTPS access, which may not be automatically trusted by the browser.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_or_recreate_an_ONTAP_self-signed_SSL_certificate_with_the_NetApp_PowerShell_ToolkitIf using ONTAP 9.10.1 or newer follow How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager. Creates a new certificate with the same properties as the previous one with a 10 yea...If using ONTAP 9.10.1 or newer follow How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager. Creates a new certificate with the same properties as the previous one with a 10 year expiration Note: This is a community based script and therefore is supported by the community and not within the NetApp support organization. Ensure the current PowerShell Execution Policy allows the running of this script (note: this script is not signed).
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_replace_SSL_certificates_on_cluster_with_external_key_manager_configuredThe external key management server is a third-party system in your storage environment that serves authentication keys to nodes using the Key Management Interoperability Protocol (KMIP). The time must...The external key management server is a third-party system in your storage environment that serves authentication keys to nodes using the Key Management Interoperability Protocol (KMIP). The time must be synchronized on the server creating the certificates, the KMIP server, and the cluster Note: You can install the client and server certificates on the KMIP server before or after installing the certificates on the cluster.
- https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/How_to_configure_communication_between_ONTAP_and_Service_Processor_SP_or_BMC_with_Certificate_Authority_CA_signed_certificatesONTAP 9.5 and greater includes Feature Request 1172908 which supports secure communication with the service-processor (SP) or BMC through Certificate Authority (CA) signed certificates. If the SP API ...ONTAP 9.5 and greater includes Feature Request 1172908 which supports secure communication with the service-processor (SP) or BMC through Certificate Authority (CA) signed certificates. If the SP API port is queried for certificates after this process is complete, the same certificate will be returned for each SP/BMC in the cluster.