What will happen when my Autosupport Certificate in ONTAP expires?
Applies to
- ONTAP 9
- Autosupport
Answer
EMS message
mgmtgwd.certificate.expiring: A digital certificate with Fully Qualified Domain Name (FQDN) AddTrustExternalCARoot, Serial Number 01, Certificate Authority 'AddTrust External CA Root' and type server-ca for Vserver (vserver) will expire in the next (--) day(s).
- Nothing will happen. You will continue to send Autosupports using HTTPS and continue to authenticate with support.netapp.com
- NetApp renewed the support.netapp.com X.509 server certificate using an existing unexpired root CA included in the ONTAP certificate truststore bundle
- No further action is required
- Certificate expiring
cluster1::> security certificate show -common-name Ad*
Vserver Serial Number Certificate Name Type
---------- --------------- ---------------------------- ------------
cluster1 01 AddTrustExternalCARoot server-ca
Certificate Authority: AddTrust External CA Root
Expiration Date: Sat May 30 10:48:38 2020
- New signed Certificate (pre-existing in the truststore bundle)
cluster1::*> security certificate show -vserver cluster1 -common-name AAACertificateServices
Vserver Serial Number Common Name Type
---------- --------------- -------------------------------------- ------------
cluster1
01 AAACertificateServices server-ca
Certificate Authority: AAA Certificate Services
Expiration Date: Sun Dec 31 18:59:59 2028
Additional Information
-
If you are not on a fixed version for Bug 1245418 - EMS expiration warnings are sent for truststore certificates expiring in 30 days you will continue to see the EMS expiration message until you upgrade. You may also delete the certificate after May 30, 2020
-
What is the Certificate Truststore? This Article provides information on FAQ regarding the Truststore in ONTAP