Skip to main content
NetApp Knowledge Base

What certificates does AIQUM use, what is impact when expired and how to regenerate?

Views:
1,413
Visibility:
Public
Votes:
1
Category:
active-iq-unified-manager
Specialty:
om
Last Updated:

Applies to

  • Active IQ Unified Manager (AIQUM)
  • ONTAP 9

Answer

  • SSL (HTTPS) certificate
Type server-ca
Generated by AIQUM
Stored in AIQUM/ONTAP
Purpose

Authentication of AIQUM server in HTTP/HTTPS connections via browser

Note: AIQUM installs this certificate to ONTAP while adding cluster

Impact when expired
How to regenerate

 

  • EMS certificate
Type client
Generated by AIQUM
Stored in AIQUM/ONTAP
Purpose

Authentication of EMS notifications received from ONTAP for Subscribing to ONTAP EMS events

Note: AIQUM installs this certificate to ONTAP while adding cluster

Impact when expired
How to regenerate

Please contact NetApp Technical Support or log into the NetApp Support Site to create a case. Reference this article for further assistance.

 

  • Certificates for Mutual TLS communication
Type client-ca
Generated by AIQUM
Stored in AIQUM/ONTAP
Purpose

Authentication of ONTAP cluster during AIQUM data acquisition

Note: AIQUM installs this certificate to ONTAP while adding cluster

Impact when expired
How to regenerate Follow the steps described in Cluster acquisition fails in AIQUM due to expired CA certificate for Mutual TLS communication

 

  • Cluster certificates
Type server
Generated by ONTAP
Stored in ONTAP
Purpose Authentication of ONTAP cluster while adding ONTAP cluster
Impact when expired

Note: See also What is the impact of an expired digital certificate used for a Vserver for the impact from ONTAP cluster perspective

How to regenerate How to renew a Self-Signed SSL certificate in ONTAP 9

 

Note: Type of certificate can be found by using -type parameter of ONTAP security certificate show command

::> security certificate show -type server-ca

Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
cluster1   85589F65349650BE
                           aiqum.demo.netapp.com_85589F65349650BE server-ca
    Certificate Authority: demo.netapp.com
          Expiration Date: Fri Nov 01 21:06:11 2058

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.