Skip to main content
NetApp Knowledge Base

CONTAP-409261: Certificate discrepancy between /api/cluster/web and security ssl show

Views:
30
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
CORE
Last Updated:
4/2/2025, 3:08:35 PM

Issue

  • REST API and ONTAP commands show discrepancy in SSL configuration

  • The REST API call /api/cluster/web:

curl -ku admin:"P@ssw0rd" https://cluster1/api/cluster/web
{
"enabled": true,
"http_port": 80,
"https_port": 443,
"state": "online",
"http_enabled": false,
"csrf": {
"protection_enabled": true,
"token": {
"concurrent_limit": 500,
"idle_timeout": 900,
"max_timeout": 0
}
},
"certificate": {
"name": "cert1",
"uuid": "8d4faf7a-f9a1-11ef-9c7f-d039eaa1b42e",
"_links": {
"self": {
"href": "/api/security/certificates/8d4faf7a-f9a1-11ef-9c7f-d039eaa1b42e"
}
}
},
"client_enabled": false,
"ocsp_enabled": false,
"_links": {
"self": {
"href": "/api/cluster/web"
}
}
}
::> show-user-installed -type server -fields cert-name,serial
(security certificate show-user-installed)
vserver common-name serial ca type subtype cert-name
---------------- ------------------- ------ ------ ------ ------- ---------
cluster1 "*.demo.netapp.com" 100A wsl_ca server - cert1
cluster1 "*.demo.netapp.com" 100B wsl_ca server - cert2
2 entries were displayed.

  • And the ONTAP command:

::> ssl show -vserver cluster1
(security ssl show)
Vserver: cluster1
Server Certificate Issuing CA: wsl_ca
Server Certificate Serial Number: 100B
Server Certificate Common Name: *.demo.netapp.com
SSL Server Authentication Enabled: true
SSL Client Authentication Enabled: false
Online Certificate Status Protocol Validation Enabled: false
URI of the Default Responder for OCSP Validation:
Force the Use of the Default Responder URI for OCSP Validation: false
Timeout for OCSP Queries: 10s
Maximum Allowable Age for OCSP Responses (secs): unlimited
Maximum Allowable Time Skew for OCSP Response Validation: 5m
Use a NONCE within OCSP Queries: true

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.