- ONTAP 9.9.1 and earlier
- NetApp PowerShell Toolkit
- ONTAP uses self-signed certificates by default for SSL management access
- Those certificates have expiration dates
- To stay current with self-signed SSL certificates a recreation/renewal process is needed
- This article details one method through the NetApp.ONTAP PowerShell toolkit
- There is no downtime required to renew a certificate
- If using ONTAP 9.10.1 or newer follow How to renew an ONTAP self-signed SSL certificate using ONTAP System Manager
- Connecting to a cluster
- Collecting all existing certificates
- Ensuring the certificate is self-signed
- Creates a new certificate with the same properties as the previous one with a 10 year expiration
- Configures SSL on the SVM to use the new certificate
- Deletes the previous self-signed certificate
|Note: This is a community based script and therefore is supported by the community and not within the NetApp support organization.|
1. Install the NetApp.ONTAP PowerShell Toolkit.
2. Install the NetAppSSLCertificateRenew Script.
3. Follow the syntax and usage as outlined in the help section of the script:
PS C:\> get-help NetAppSSLCertificateRenew -detailed
4. Ensure the current PowerShell Execution Policy allows the running of this script (note: this script is not signed). Consult your system administrator if the PowerShell Execution Policy needs to be changed.
PS C:\> Get-ExecutionPolicy -list
5. Execute the script when ready:
PS C:\> NetAppSSLCertificateRenew