How to install or renew a CA signed certificate using ONTAP System Manager
Applies to
- ONTAP 9.10.1 and above
- ONTAP System Manager
Description
Beginning in ONTAP 9.10.1 and later you can create, install, renew and manage Certificate Authority (CA) signed certificates in the ONTAP System Manager user interface
Procedure
- Login to the ONTAP System Manager user interface
- Select CLUSTER -> Settings
- Scroll down and select the arrow next to Certificates
- Select +Generate CSR
- Click More Options and fill in as needed
- Note: Either exclude the URI, or fill in the field with the System Manager URL (excluding
/sysmgr/v4). - Note: Modern browsers require the use of the Subject Alternative Names field.
- Hit Export or copy the contents
- NOTE: Be sure to save the private key for later use
- Send the CSR output to your CA to create the signed digital certificate
- Refer to documentation from your CA for the appropriate procedure
- Select the Client/Server Certificate tab in System Manager
- Click +Add
- Paste or import the CA signed certificate
- Filter the System Manager view for the new common name
- Take note of the serial number
- The new certificate can be enabled using the commands below
- Validate the current certificate
::> certificate show -vserver <vserver> -common-name <common-name>
- Modify the current certificate
::> security ssl modify -vserver <vserver> -ca <ca> -serial <serial>
- Validate the current certificate