
Expired Client-CA certificate not visible in cluster CLI after renewed certificate installation

Category: ontap-9
Specialty: core
Last Updated: 3/19/2025, 7:12:51 PM

Applies to

ONTAP 9
Certificate Authority (CA) certificates

Issue

A CA certificate of type client-ca was observed to be expiring soon, so a new CA certificate was obtained and installed on the cluster. Afterwards, the following message was seen in EMS:
 
Mon Feb 24 00:00:03 -0800 [Node100a: mgwd: mgmtgwd.certificate.expired:error]: A digital certificate with Fully Qualified Domain Name (FQDN) CA_Cert_Name, Serial Number 5xxxxxx, Certificate Authority 'CAAuth' and type client-ca for Vserver SVM100 has expired.
 
The serial number 5xxxxxx was the serial number of the older, soon-to-expire certificate.
 
The certificate was not visible at the cluster CLI:
 
Cluster::> security certificate show -vserver SVM100 -type client-ca

Vserver    Serial Number     Certificate Name                       Type
---------- ---------------   -------------------------------------- ------------
SVM100     67D68CA1E92DF92B  CA_Cert_Name_68CA1E92DF92B             client-ca
    Certificate Authority: CAAuth
          Expiration Date: Fri Feb 06 10:27:32 2026

<No information for the original certificate serial number 5xxxxxx>

The errant certificate was also not visible using the security certificate show-user-installed command.

ASUPs (CERTIFICATE.XML) show both the expiring cert as well as the renewed cert:

Name of Vserver  FQDN or Custom Common Name  Serial Number of Certificate  Certificate Authority  Type of Certificate  Certificate Expiration Date  Unique Certificate Name
SVM100           adminCert                   53B997FF3C33B52D              CAAuth                 client-ca            Fri Dec 13 10:47:29 2024     CA_Cert_Name
SVM100           adminCert                   67D68CA1E92DF92B              CAAuth                 client-ca            Fri Feb 06 10:27:32 2026     CA_Cert_Name_68CA1E92DF92B
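
A cross-check of the two views quoted above, as an added example that is not NetApp's code: it lists certificates that the ASUP table reports but the CLI output omits, and marks which of them have expired. It assumes the text layouts shown in this article (ASUP columns separated by two or more spaces), not the raw CERTIFICATE.XML schema; the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample inputs: the two outputs quoted in this article.
CLI_OUTPUT = """\
Vserver    Serial Number     Certificate Name                       Type
---------- ---------------   -------------------------------------- ------------
SVM100     67D68CA1E92DF92B  CA_Cert_Name_68CA1E92DF92B             client-ca
    Certificate Authority: CAAuth
          Expiration Date: Fri Feb 06 10:27:32 2026
"""
ASUP_ROWS = """\
SVM100  adminCert  53B997FF3C33B52D  CAAuth  client-ca  Fri Dec 13 10:47:29 2024  CA_Cert_Name
SVM100  adminCert  67D68CA1E92DF92B  CAAuth  client-ca  Fri Feb 06 10:27:32 2026  CA_Cert_Name_68CA1E92DF92B
"""
DATE_FMT = "%a %b %d %H:%M:%S %Y"

def cli_serials(text):
    """Return {(vserver, serial)} for every row of `security certificate show`."""
    found = set()
    for line in text.splitlines():
        # Data rows start in column 0 and carry a hex serial as the second field.
        m = re.match(r"(\S+)\s+([0-9A-Fa-f]{8,})\s+\S+\s+\S+\s*$", line)
        if m:
            found.add((m.group(1), m.group(2).upper()))
    return found

def asup_certs(text):
    """Parse ASUP certificate rows; header or malformed lines are skipped."""
    certs = []
    for line in text.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        try:
            vserver, _cn, serial, ca, ctype, expiry, name = fields
            expires = datetime.strptime(expiry, DATE_FMT)
        except ValueError:
            continue
        certs.append({"vserver": vserver, "serial": serial.upper(), "ca": ca,
                      "type": ctype, "expires": expires, "name": name})
    return certs

def hidden_certs(asup_text, cli_text, now):
    """Certificates ASUP reports that the CLI does not show, with expiry status."""
    visible = cli_serials(cli_text)
    return [dict(c, expired=c["expires"] < now) for c in asup_certs(asup_text)
            if (c["vserver"], c["serial"]) not in visible]

if __name__ == "__main__":
    for c in hidden_certs(ASUP_ROWS, CLI_OUTPUT, datetime(2025, 2, 24)):
        print(c["vserver"], c["serial"], c["name"], "expired" if c["expired"] else "valid")
```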

 

 
