How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager (ONTAP 9.10 and above)

Applies to

• Self-signed certificates
• ONTAP System Manager 9.10.1 and later

Description

• How to renew an ONTAP self-signed SSL certificate via ONTAP System Manager.
  • For ONTAP versions prior to 9.10.1, use the command line to renew expiring certificates. 
  • See How to renew an ONTAP self-signed SSL certificate via command line

Procedure

1. Log into System Manager.
2. Select CLUSTER -> Settings and click the arrow next to Certificates.
3. Select the Client/Server Certificates tab.
4. Select the ellipsis for the certificate then Renew.
5. Update the certificate name and duration as needed.
6. Click on the checkbox for Self-sign the certificate then Renew.
7. Select the ellipsis next to the original certificate and select Delete.

a. Renewing a certificate creates a new certificate and replaces the original, which is not automatically deleted.

b. Also check if SSL is enabled for the SVM's server, which is done from the command command:

::> security ssl show

c. The maximum allowed value of days is 3652.

Note: This task does not affect the ONTAP workload.

Note: If the above does not work properly, follow the steps to renew the cert via the command line.

Additional Information

• How to renew an ONTAP self-signed SSL certificate via command line
• How to renew a Self-Signed SSL certificate in ONTAP 9
• How to manage SSL certificates via System Manager
• Renew self signed SSL certificate in ONTAP 9 Resolution Guide