Renew TLS/SSL Certificate in ONTAP 9 - Resolution Guide
Applies to
- ONTAP 9
- TLS/SSL certificates
- Admin certificates
- SVM/Vserver certificates
Description
- This article describes the procedure to renew an SSL self-signed certificate in ONTAP 9 storage systems.
- In ONTAP, the default self-signed certificate expires after 365 days.
- The procedure is similar for other TLS/SSL certificates used by any SVM/Vserver.
- An expired certificate may cause a loss of access to the System Manager web server for management via HTTPS, as well as other issues.
|
WARNING
|
Procedure
CA-Signed Certificates:
| Version | Resolution |
|---|---|
| ONTAP 9.10.1 and later | How to install or renew a CA signed certificate using ONTAP System Manager |
| ONTAP 9 via command line | How to install a Certificate Authority (CA) signed certificate using ONTAP CLI |
Self-Signed Certificates:
| Version | Resolution |
|---|---|
| ONTAP 9.10.1 and later | How to renew a self-signed certificate in System Manager |
| ONTAP 9 via command line | How to renew an ONTAP Self-Signed SSL certificate via command line |
| ONTAP 9 via power shell | How to renew or recreate an ONTAP self-signed SSL certificate with the NetApp PowerShell Toolkit |
| Data ONTAP 8.2 7 mode | How to renew an SSL certificate in Data ONTAP 7-Mode |
Additional Information
- Will disabling a vserver SSL certificate impact CIFS shares in ONTAP 9
- Check Active IQ if this impacts your systems
- CA-signed SSL certificate install with custom certificate name fails with duplicate entry
- Trying to enable self-signed server ssl certificate fails with "Error: duplicate entry"
- If you are receiving the warning "
mgmtgwd.certificate.expiring" and are currently on or upgrading to a version of ONTAP 9.2 or later, see the article FAQ: What is the Certificate Truststore?
Related links: