How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager (ONTAP 9.10 and above)

How to renew an ONTAP self-signed SSL certificate via ONTAP System Manager.
- For ONTAP versions prior to 9.10.1, use the command line to renew expiring certificates.
- See How to renew an ONTAP self-signed SSL certificate via command line

WARNING

On production systems, it is a NetApp best practice to install a CA-signed digital certificate for use in authenticating the cluster or SVM as an SSL server.
If using SAML, then disable SAML before renewing the cluster certificate. After the certificate is renewed, SAML will need to be re-configured again.
- See KB ONTAP System Manager is not accessible after renewing the cluster certificate with SAML enabled for additional information.

Log into System Manager.
Select CLUSTER -> Settings and click the arrow next to Certificates.
Select the Client/Server Certificates tab.
Select the ellipsis for the certificate then Renew.
Update the certificate name and duration as needed.
Click on the checkbox for Self-sign the certificate then Renew.
Select the ellipsis next to the original certificate and select Delete.
1. Renewing a certificate creates a new certificate and replaces the original, which is not automatically deleted.
2. Also check if SSL is enabled for the SVM's server, which is done from the command line. It's mentioned in the command line article.
3. The maximum allowed value of days is 3652.

2022-03-16_14-13-37 (1).gif

Note: This task does not affect the ONTAP workload.