ERROR mgmtgwd.certificate.expired caused by expired AIQUM client certificate
- Views:
- 3,363
- Visibility:
- Public
- Votes:
- 0
- Category:
- active-iq-unified-manager
- Specialty:
- om
- Last Updated:
- 5/28/2025, 7:38:52 AM
Applies to
- Active IQ Unified Manager (AIQUM)
- ONTAP 9
Issue
- ONTAP reports
ERROR mgmtgwd.certificate.expiredorERROR mgmtgwd.certificate.expiringevery daymgmtgwd.certificate.expired: A digital certificate with Fully Qualified Domain Name (FQDN) <AIQUM_SYSTEM_ID>, Serial Number <SERIAL_NO>, Certificate Authority '<AIQUM_SYSTEM_ID>' and type client for Vserver <CLUSTER_SVM> has expired.mgmtgwd.certificate.expiring: A digital certificate with Fully Qualified Domain Name (FQDN) <AIQUM_SYSTEM_ID>, Serial Number <SERIAL_NO>, Certificate Authority '<AIQUM_SYSTEM_ID>' and type client for Vserver <CLUSTER_SVM> will expire in the next NN day(s).
certificate show -type clientcommand of ONTAP indicates that the client certificate installed by AIQUM for EMS subscription has expired
cluster1::> certificate show -type client
(security certificate show)
Vserver Serial Number Certificate Name Type
---------- --------------- -------------------------------------- ------------
cluster1 2B5E4C41 f9a179e6-091b-4325-8fe1-59d5e6e9fdd1 client
Certificate Authority: f9a179e6-091b-4325-8fe1-59d5e6e9fdd1
Expiration Date: Tue Aug 29 21:05:19 2023
- Deleting the certificate in System Manager fails:
The certificate could not be removed due to the following conflicts: The certificate issued by "xxxxxxxxxxxxxxx" with serial number "xxxxxxx" is in use by the rest-api EMS destination "xxxxxxxxxxx" and cannot be removed.
