How to renew or recreate an ONTAP self-signed SSL certificate with the NetApp PowerShell Toolkit
Applies to
- ONTAP 9.9.1 and earlier
- NetApp PowerShell Toolkit
Description
- By default, ONTAP uses self-signed certificates for SSL management access.
- These certificates have expiration dates.
- Keeping self-signed SSL certificates current requires a renewal or recreation process.
- This article details one method, using the NetApp.ONTAP PowerShell Toolkit.
- There is no downtime required to renew a certificate.
- If using ONTAP 9.10.1 or newer, follow "How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager".
Script Process
- Connects to a cluster
- Collects all existing certificates
- Ensures the certificate is self-signed
- Creates a new certificate with the same properties as the previous one with a 10-year expiration
- Configures SSL on the SVM to use the new certificate
- Deletes the previous self-signed certificate
Note: This is a community-based script and is therefore supported by the community and not by the NetApp support organization.
Procedure
1. Install the NetApp.ONTAP PowerShell Toolkit.
2. Install the NetAppSSLCertificateRenew Script.
3. Follow the syntax and usage as outlined in the help section of the script:
PS C:\> get-help NetAppSSLCertificateRenew -detailed
4. Ensure the current PowerShell Execution Policy allows the running of this script (note: this script is not signed). Consult your system administrator if the PowerShell Execution Policy needs to be changed.
PS C:\> Get-ExecutionPolicy -list
5. Execute the script when ready:
PS C:\> NetAppSSLCertificateRenew
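To confirm the result after step 5, the following added example (not part of the NetAppSSLCertificateRenew script or the NetApp.ONTAP toolkit) reads the certificate an HTTPS endpoint presents and reports whether it is self-issued and when it expires. The function names, the 30-day warning threshold, the placeholder host name and the sample certificate are assumptions constructed for illustration; it uses only .NET classes.

```powershell
# Added example. Requires PowerShell 7, or Windows PowerShell 5.1 with .NET Framework 4.7.2+.
function Get-CertificateStatus {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarnDays = 30   # assumed threshold, adjust to local policy
    )
    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        Subject      = $Certificate.Subject
        SerialNumber = $Certificate.SerialNumber
        NotAfter     = $Certificate.NotAfter
        DaysLeft     = $daysLeft
        # Subject equal to issuer means self-issued, which is how a self-signed certificate appears.
        SelfIssued   = ($Certificate.Subject -eq $Certificate.Issuer)
        ExpiresSoon  = ($daysLeft -lt $WarnDays)
    }
}

function Get-RemoteCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate here: the goal is to inspect it, not to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Constructed sample: a self-signed certificate that expires in 10 days, so the block runs offline.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=cluster1.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $request.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-355), [DateTimeOffset]::Now.AddDays(10))
Get-CertificateStatus -Certificate $sample

# Against a real endpoint (placeholder host name), run before and after the renewal
# and compare SerialNumber and NotAfter:
# Get-CertificateStatus -Certificate (Get-RemoteCertificate -HostName '<cluster-mgmt-address>')
```

A changed SerialNumber and a later NotAfter on the management endpoint show that the SVM is serving the new certificate.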
Additional Information
- To manually renew/recreate self-signed SSL certificates follow this process.
- To use a certificate from a Certificate Authority (CA) follow this process.