Skip to main content
NetApp Knowledge Base

Is there any impact when expired certificates of type client with old AIQUM ID

  1. Last updated
    Nov 11, 2024
  2. Save as PDF
Views:
450
Visibility:
Public
Votes:
1
Category:
active-iq-unified-manager
Specialty:
om
Last Updated:
11/11/2024, 10:15:53 AM

Applies to

  • ONTAP 9.8+
  • ActiveIQ Unified Manager (AIQUM)
  • Certificates

Answer

  • Cluster type certificates are created in ONTAP when EMS events are subscribed in AIQUM
  • These are needed to verify AIQUM as event notification destination with rest-api type
  • This is visible in ONTAP CLI via event notification destination show -type rest-api -instance

SAP case certificate.jpg

  • AIQUM ID can be verified from AIQUM maintenance_console or application-record show from ONTAP
  • These certificates validate themselves with the AIQUM server certificate which shows as type server-ca in ONTAP
  • These certificates are only verified during generation and never again
  • Hence, existing clusters will have no impact but a new addition of a cluster fails
  • EMS subscription will work as it is even if the client type certificates are expired
  • The old certificates can be removed from ONTAP only after renewed from AIQUM

Additional Information

N/A

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.