Skip to main content
NetApp Knowledge Base

What is the naming rule when the Certificate Name is automatically generated by ONTAP?

  1. Last updated
    Mar 27, 2025
  2. Save as PDF
Views:
64
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:
3/27/2025, 8:16:42 AM

Applies to

Answer

When cert-name is automatically set, it will have the same name as the common-name. However, if a certificate with the same common-name already exists and its validity period has not expired, the cert-name will take the form of <common-name>_<serial>.
 
Example:

ontap912::> security certificate create -common-name test -type server -vserver ontap912
The certificate's generated name for reference: test

ontap912::*> security certificate create -common-name test -type server
The certificate's generated name for reference: test_1812D5EF5CFFB4C1

ontap912::> security certificate show -common-name test
Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
ontap912   1812D587C662AC6F
                           test                                   server
    Certificate Authority: test
          Expiration Date: Sat Dec 20 17:33:05 2025

ontap912   1812D5EF5CFFB4C1
                           test_1812D5EF5CFFB4C1                  server
    Certificate Authority: test
          Expiration Date: Sat Dec 20 17:40:30 2025

2 entries were displayed.

Additionally, ff the common-name is the same as the vserver name, the serial number will unconditionally be appended to the cert-name.

ontap913::> security certificate show -fields vserver,common-name,serial,ca,type,expiration -type server -vserver test1
vserver common-name serial           ca      type   subtype cert-name expiration
------- ----------- ---------------- ------- ------ ------- --------- ------------------------
test1   zhuolin     1830966EAE1B6E0C zhuolin server -       zhuolin   Fri Mar 27 15:54:17 2026

ontap913::> security certificate create -common-name test1 -type server -vserver test1

The certificate's generated name for reference: test1_182D857C8EAA53B4

ontap913::> security certificate show -fields vserver,common-name,serial,ca,type,expiration -type server -vserver test1
vserver common-name serial           ca    type   subtype cert-name              expiration
------- ----------- ---------------- ----- ------ ------- ---------------------- ------------------------
test1   test1       182D857C8EAA53B4 test1 server -       test1_182D857C8EAA53B4 Tue Mar 17 16:10:00 2026 
test1   zhuolin     1830966EAE1B6E0C zhuolin
                                           server -       zhuolin                Fri Mar 27 15:54:17 2026
2 entries were displayed.

Additional Information

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.