What certificates does AIQUM use, what is the impact when they expire, and how are they regenerated?
Applies to
- Active IQ Unified Manager (AIQUM)
- ONTAP 9
Answer
- SSL (HTTPS) certificate
Type | server-ca |
Generated by | AIQUM |
Stored in | AIQUM/ONTAP |
Purpose | Authentication of the AIQUM server in HTTP/HTTPS connections via browser. Note: AIQUM installs this certificate on ONTAP when adding a cluster |
Impact when expired |
|
How to regenerate |
|
- EMS certificate
Type | client |
Generated by | AIQUM |
Stored in | AIQUM/ONTAP |
Purpose | Authentication of EMS notifications received from ONTAP for subscribing to ONTAP EMS events. Note: AIQUM installs this certificate on ONTAP when adding a cluster |
Impact when expired |
|
How to regenerate |
- Certificates for Mutual TLS communication
Type | client-ca |
Generated by | AIQUM |
Stored in | AIQUM/ONTAP |
Purpose | Authentication of the ONTAP cluster during AIQUM data acquisition. Note: AIQUM installs this certificate on ONTAP when adding a cluster |
Impact when expired |
|
How to regenerate | Follow the steps described in Cluster acquisition fails in AIQUM due to expired CA certificate for Mutual TLS communication |
- Cluster certificates
Type | server |
Generated by | ONTAP |
Stored in | ONTAP |
Purpose | Authentication of ONTAP cluster while adding ONTAP cluster |
Impact when expired |
Note: See also What is the impact of an expired digital certificate used for a Vserver for the impact from ONTAP cluster perspective |
How to regenerate | How to renew a Self-Signed SSL certificate in ONTAP 9 |
Note: The type of a certificate can be found by using the -type parameter of the ONTAP security certificate show command:
::> security certificate show -type server-ca
Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
cluster1   85589F65349650BE
                           aiqum.demo.netapp.com_85589F65349650BE server-ca
    Certificate Authority: demo.netapp.com
          Expiration Date: Fri Nov 01 21:06:11 2058
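As an added example (not NetApp code and not part of the original article), the following Python parses output in the layout shown above and reports certificates that are expired or close to expiry, so each certificate type in this article can be checked before it lapses. The second sample entry, the 30-day warning window, the naive handling of the timestamp and the handling of unwrapped rows are assumptions.

```python
from datetime import datetime

# First entry: the output shown above. Second entry: constructed for this
# example (hypothetical name, serial, CA and date).
SAMPLE = """\
Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
cluster1   85589F65349650BE
                           aiqum.demo.netapp.com_85589F65349650BE server-ca
    Certificate Authority: demo.netapp.com
          Expiration Date: Fri Nov 01 21:06:11 2058
cluster1   0123456789ABCDEF
                           constructed.example_0123456789ABCDEF   client-ca
    Certificate Authority: example.invalid
          Expiration Date: Mon Jan 01 00:00:00 2024
"""
DATE_FMT = "%a %b %d %H:%M:%S %Y"  # no time zone in the output; treated as naive

def parse_certificates(text):
    """Parse 'security certificate show' output into one dict per certificate."""
    certs, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith(("Vserver", "---", "::>")):
            continue  # blank line, header, ruler or echoed prompt
        key, _, value = s.partition(":")
        if key == "Certificate Authority" and cur:
            cur["ca"] = value.strip()
        elif key == "Expiration Date" and cur:
            cur["expires"] = datetime.strptime(value.strip(), DATE_FMT)
        elif line[0].isspace() and cur:  # wrapped row: name and type
            cur["name"], cur["type"] = s.split()[:2]
        elif not line[0].isspace():
            fields = s.split()
            cur = {"vserver": fields[0], "serial": fields[1] if len(fields) > 1 else ""}
            if len(fields) >= 4:  # assumption: short rows are not wrapped
                cur["name"], cur["type"] = fields[2], fields[3]
            certs.append(cur)
    return certs

def expiry_report(certs, now, warn_days=30):
    """Return certificates that are expired or expire within warn_days."""
    flagged = []
    for c in certs:
        days_left = (c["expires"] - now).days if "expires" in c else None
        if days_left is not None and days_left < warn_days:
            status = "expired" if c["expires"] <= now else "expiring"
            flagged.append({**c, "status": status, "days_left": days_left})
    return flagged
```

Feed it the text captured from the cluster for each `-type` value of interest and alert on any entry that `expiry_report` returns.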