Is there any impact when expired certificates of type client with old AIQUM ID
Applies to
- ONTAP 9.8+
- ActiveIQ Unified Manager (AIQUM)
- Certificates
Answer
Cluster
type certificates are created in ONTAP when EMS events are subscribed in AIQUM- These are needed to verify AIQUM as
event notification destinatio
n withrest-api
type - This is visible in ONTAP CLI via
event notification destination show -type rest-api -instance
- AIQUM ID can be verified from AIQUM
maintenance_console
orapplication-record show
from ONTAP - These certificates validate themselves with the AIQUM server certificate which shows as type
server-ca
in ONTAP - These certificates are only verified during generation and never again
- Hence, existing clusters will have no impact but a new addition of a cluster fails
- EMS subscription will work as it is even if the client type certificates are expired
- The old certificates can be removed from ONTAP only after renewed from AIQUM
Additional Information
N/A