Encryption KBs
Encryption KBs
Featured
NetApp Encryption Overview
NetApp offers both software and hardware based encryption technologies
NetApp offers both software and hardware based encryption technologies
FAQ: NVE and NAE
Frequently asked questions about NetApp Volume and NetApp Aggregate Encryption
Frequently asked questions about NetApp Volume and NetApp Aggregate Encryption
What is NetApp Storage Encryption
Full disk encryption that protects data at rest with no operational impact
Full disk encryption that protects data at rest with no operational impact
Other Resources
- How to enable OKM in ONTAP for non-MetroCluster environmentsFri, 06 Feb 2026
- Lun create fails with "The Onboard Key Manager is already configured"Thu, 05 Feb 2026
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.XFri, 30 Jan 2026
- Unable to configure data SVM key manager with NAE volumes in 9.16.1PxWed, 03 Dec 2025
- Failed to verify the backup blob after adding node to clusterMon, 03 Nov 2025
- Does ONTAP 9 support the ACME protocol for automated certificate management?Wed, 08 Oct 2025
- Does the SAN ARP entropy evaluation period apply to NAS volumes including VM datastores ?Fri, 03 Oct 2025
- TPM driver detaching at Boot in ONTAP 9.16.1 and higherMon, 29 Sep 2025
- Onboard keys not found after boot device replacementThu, 18 Sep 2025
- crypto.import.failed errors after re-initializing an ONTAP ClusterFri, 05 Sep 2025
- What is the config step in ONTAP when External Key Manager restore with same CAThu, 14 Aug 2025
- Volume creation fails in GCP as VEKs cannot be created for data SVMMon, 11 Aug 2025
- Newly created aggreagtes are not being encrypted after enabling OKMThu, 31 Jul 2025
- Does the server-CA certificate SwisscomRootCA1 need to be renewed manually?Thu, 31 Jul 2025
- Is it required to install SSL certificates for disk encryption?Tue, 29 Jul 2025
- Unable to modify EKM server-ca certificates due to errorMon, 21 Jul 2025
- External Key Manager reports SSL PEER VALIDATION errorFri, 20 Jun 2025
- Can SnapLock Enterprise mode snapshots be deleted before the retention period expiresFri, 13 Jun 2025
- SVM Migrate will not preserve SVM Root volume if NAE and NAE aggr is present on destThu, 22 May 2025
- Does NetApp support encryptionTue, 20 May 2025
- How to enable OKM in ONTAP for non-MetroCluster environmentsFri, 06 Feb 2026
- Failed to generate cluster key encryption key in kernelThu, 05 Feb 2026
- VEK key remains cached on node after NVE is deleted and removed from external key serverThu, 05 Feb 2026
- Lun create fails with "The Onboard Key Manager is already configured"Thu, 05 Feb 2026
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.XFri, 30 Jan 2026
- Considerations for NSE while migrating to new External Key Manager serversMon, 26 Jan 2026
- Encryption error observed in SVMDR relationship on DST volumeWed, 14 Jan 2026
- Unable to install CA certificate. ERROR "The common name(CN) extracted from the certificate is invalid"Fri, 09 Jan 2026
- OKM in use: ANDU Validation Error: One or more encryption keys status are unavailableTue, 30 Dec 2025
- OKM upgrade error: Failed to verify the signatures of the imageTue, 23 Dec 2025
- Installation of CA certificate fails with "Failed to read the X509 from BIO."Thu, 18 Dec 2025
- Can object-store-server certificate be renewed without stopping the serverThu, 18 Dec 2025
- Flexgroup shows partial and mixed state following volume move to decrypt or encryptTue, 16 Dec 2025
- Can we convert ONTAP from DAR to NoDAR?Tue, 16 Dec 2025
- Unable to configure data SVM key manager with NAE volumes in 9.16.1PxMon, 15 Dec 2025
- TPM driver detaching at Boot in ONTAP 9.16.1 and higherFri, 12 Dec 2025
- NSE: How to enable drive authentication on a NSE spare drive replacementMon, 08 Dec 2025
- How to install a root-ca certificate for AD LDAPMon, 01 Dec 2025
- ASUP callhome.nse.ak.check.failed event and NSE AUTHENTICATION KEY CHECK FAILEDWed, 26 Nov 2025
- Unable to modify EKM server-ca certificates due to errorTue, 25 Nov 2025
Highest rated
(rating)- Error message of "mgmtgwd.certificate.expired" in event log
- ONTAP Truststore certificate BaltimoreCyberTrustRoot expiring May 2025
- Permission Denied when retrieving keys due to SKLM certificate change
- Restore onboard key management encryption keys
- How to set pre-boot environment variables for NetApp Storage Encryption using KMIP servers
- Giveback during ANDU is vetoed due to External Key Manager
- When Onboard Key Manager (OKM) Common Criteria Mode is enabled a cluster-wide passphrase is required at system startup
- Error: Encryption is not enabled on the destination cluster
- How to remove Onboard Key Management (OKM) in Data ONTAP 9.6 and later when volumes are encrypted
- How do i know whether my data is encrypted at rest?
- Can deleted files be non-disruptively purged from NVE volumes?
- How do I transition from the onboard key manager to an external key manager or conversely
- How to rotate data authentication keys on a FIPS drive or SED
- OKM in use: ANDU Validation Error: One or more encryption keys status are unavailable
- How to renew or recreate an ONTAP self-signed SSL certificate with the NetApp PowerShell Toolkit
Recently updated
(date updated)- How to enable OKM in ONTAP for non-MetroCluster environments
- Failed to generate cluster key encryption key in kernel
- VEK key remains cached on node after NVE is deleted and removed from external key server
- Lun create fails with "The Onboard Key Manager is already configured"
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.X
- Considerations for NSE while migrating to new External Key Manager servers
- Encryption error observed in SVMDR relationship on DST volume
- Unable to install CA certificate. ERROR "The common name(CN) extracted from the certificate is invalid"
- OKM in use: ANDU Validation Error: One or more encryption keys status are unavailable
- OKM upgrade error: Failed to verify the signatures of the image
- Installation of CA certificate fails with "Failed to read the X509 from BIO."
- Can object-store-server certificate be renewed without stopping the server
- Flexgroup shows partial and mixed state following volume move to decrypt or encrypt
- Can we convert ONTAP from DAR to NoDAR?
- Unable to configure data SVM key manager with NAE volumes in 9.16.1Px
Recently added
(date created)- How to enable OKM in ONTAP for non-MetroCluster environments
- Lun create fails with "The Onboard Key Manager is already configured"
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.X
- Unable to configure data SVM key manager with NAE volumes in 9.16.1Px
- Failed to verify the backup blob after adding node to cluster
- Does ONTAP 9 support the ACME protocol for automated certificate management?
- Does the SAN ARP entropy evaluation period apply to NAS volumes including VM datastores ?
- TPM driver detaching at Boot in ONTAP 9.16.1 and higher
- Onboard keys not found after boot device replacement
- crypto.import.failed errors after re-initializing an ONTAP Cluster
- What is the config step in ONTAP when External Key Manager restore with same CA
- Volume creation fails in GCP as VEKs cannot be created for data SVM
- Newly created aggreagtes are not being encrypted after enabling OKM
- Does the server-CA certificate SwisscomRootCA1 need to be renewed manually?
- Is it required to install SSL certificates for disk encryption?