What is the impact of an expired digital certificate used for a Vserver?

Applies to

• ONTAP 9
• SSL Certificate

Answer

• Client Certificate

An expired client digital SSL certificate will prevent the client from accessing the Vserver aka Storage Virtual Machine (SVM).

• Server Certificate
  • An expired server digital certificate does not prevent users from accessing the Vserver aka SVM.
  • The browser on the client side will warn the user of the risk, but will not block access.
  • FPolicy, Anti-Virus, System Manager, or other connections to port 443 (HTTPS) may fail if the required certificate expires.
• root CA certificates (server-ca)

Refer to issue CONTAP-41469

• How to check for expired Certificates
  • Related KB articles:
    • Error message of "mgmtgwd.certificate.expiring" in event log
  • Command:

::> security certificate show -fields expiration

::> security certificate show -expiration <30d ​​​​​​​

• EMS Alerts:
  EMS identifier 'mgmtgwd.certificate.expiring' will be reported when a digital certificate for a Vserver is about to expire.
EMS identifier 'mgmtgwd.certificate.expired' will be reported when a digital certificate for a Vserver is expired.

Additional Information

• How to renew an SSL certificate in ONTAP 9
• Manage SSL
• What are some common uses for vserver Self-Signed Certificates?
• Will disabling a vserver SSL certificate impact CIFS shares in ONTAP 9
• Impact during renew a certificate that is expired/expiring