What is the impact of an expired digital certificate used for a Vserver?
Applies to
- ONTAP 9
- SSL Certificate
Answer
- Client Certificate
An expired client digital SSL certificate will prevent the client from accessing the Vserver aka SVM (Storage Virtual Machine)
- Server Certificate
- An expired server digital certificate does not prevent users from accessing the Vserver aka SVM.
- The browser on the client side will warn the user of the risk, but will not block access.
- FPolicy, Anti-Virus, System Manager, or other connections to port 443 (HTTPS) may fail if the required certificate expires.
- root CA certificates (server-ca)
Refer to bug 1245418
- How to check for expired Certificates
- Related KBs
- Command:
::>security certificate show -fields expiration
- EMS Alerts:
EMS identifier 'mgmtgwd.certificate.expiring' will be reported when a digital certificate for a Vserver is about to expire.
EMS identifier 'mgmtgwd.certificate.expired' will be reported when a digital certificate for a Vserver is expired.