NetApp Knowledge Base

Old server certificate remains on MetroCluster destination SVM after source renewal

Applies to

  • ONTAP 9
  • MetroCluster
  • SVM server

Issue

After renewing an SVM server certificate on the MetroCluster source SVM and removing the old certificate there, the old server certificate is not automatically removed from the MetroCluster destination SVM (for example, "<svm>-mc").
As a result, the destination SVM can show multiple server certificates, including a stale/old one that is no longer present on the source.
  • "metrocluster vserver show" reports the MetroCluster SVM relationship as healthy.
Cluster::> metrocluster vserver show -vserver <vserver1>

Cluster: XXXX
                            Partner                       Configuration
Vserver                     Vserver                       State
-------------------         ----------------------        -----------------
<vserver1>                  <vserver1>-mc                 healthy
 
  • The source SVM lists only the current (renewed) server certificate.

cluster_src::> security certificate show -vserver svm1
Vserver    Serial Number                             Certificate Name    Type
svm1       AAAABBBBCCCCDDDDEEEEFFFF0000111122223333  RootCA-Example      server-ca
    Certificate Authority: RootCA-Example
          Expiration Date: Sat Oct 27 13:43:57 2040
svm1       1111222233334444555566667777888899990000  svm1.example.com    server
    Certificate Authority: IssuingCA-Example
          Expiration Date: Sun Jan 24 03:04:14 2027

  • The destination SVM lists the current server certificate and an additional older server certificate.

cluster_dst::> security certificate show -vserver svm1-mc
Vserver    Serial Number                             Certificate Name    Type
svm1-mc    AAAABBBBCCCCDDDDEEEEFFFF0000111122223333  RootCA-Example      server-ca
    Certificate Authority: RootCA-Example
          Expiration Date: Sat Oct 27 13:43:57 2040
svm1-mc    1111222233334444555566667777888899990000  svm1.example.com    server
    Certificate Authority: IssuingCA-Example
          Expiration Date: Sun Jan 24 03:04:14 2027
svm1-mc    99990000AAAABBBBCCCCDDDDEEEEFFFF11112222  svm1.example.com_99990000AAAABBBBCCCCDDDDEEEEFFFF11112222  server
    Certificate Authority: IssuingCA-Example
          Expiration Date: Wed Apr 01 04:12:35 2026
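
To check for this condition across SVMs, the comparison above can be scripted. The following is an added example, not NetApp code: it parses saved "security certificate show" output from both clusters and reports server certificates that exist only on the destination. The function names are hypothetical, the sample text reuses the placeholder values shown above, and it assumes certificate names contain no spaces.

```python
import re
from datetime import datetime

# One certificate record; \s+ also spans line wraps in the CLI output.
# Assumption: certificate names contain no whitespace.
CERT_RE = re.compile(
    r"\b(?P<serial>[0-9A-Fa-f]{8,})\s+(?P<name>\S+)\s+"
    r"(?P<type>server-ca|client-ca|root-ca|server|client)\s+"
    r"Certificate Authority:\s*(?P<ca>.+?)\s+"
    r"Expiration Date:\s*(?P<exp>\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4})",
    re.S,
)

def parse_certs(output):
    """Map serial number -> record for every certificate in the output."""
    certs = {}
    for m in CERT_RE.finditer(output):
        rec = m.groupdict()
        stamp = " ".join(rec["exp"].split())  # normalise padding before the day
        rec["exp"] = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        certs[rec["serial"].upper()] = rec
    return certs

def stale_on_destination(src_output, dst_output, cert_type="server"):
    """Certificates of cert_type on the -mc SVM whose serial is not on the source."""
    src, dst = parse_certs(src_output), parse_certs(dst_output)
    return [rec for serial, rec in sorted(dst.items())
            if rec["type"] == cert_type and serial not in src]

# Constructed sample input, using the placeholder values from this article.
SRC_SAMPLE = """\
svm1 AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 RootCA-Example server-ca
    Certificate Authority: RootCA-Example
          Expiration Date: Sat Oct 27 13:43:57 2040
svm1 1111222233334444555566667777888899990000 svm1.example.com server
    Certificate Authority: IssuingCA-Example
          Expiration Date: Sun Jan 24 03:04:14 2027
"""
DST_SAMPLE = SRC_SAMPLE.replace("svm1 ", "svm1-mc ") + """\
svm1-mc 99990000AAAABBBBCCCCDDDDEEEEFFFF11112222
        svm1.example.com_99990000AAAABBBBCCCCDDDDEEEEFFFF11112222 server
    Certificate Authority: IssuingCA-Example
          Expiration Date: Wed Apr 01 04:12:35 2026
"""

if __name__ == "__main__":
    for rec in stale_on_destination(SRC_SAMPLE, DST_SAMPLE):
        print(f"stale on destination: {rec['serial']} ({rec['name']}), "
              f"expires {rec['exp']:%Y-%m-%d}")
```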

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.