
Risk Resolver - Certificate Renew/Recreate


Current Version:  1.3

 

Clustered Data ONTAP (also known as ONTAP) uses self-signed certificates by default for management
of the environment. These certificates have a typical expiration date of 1 year (365 days).
This KB describes the process to recreate the certificates:

https://kb.netapp.com/support/index?page=content&id=1014389&locale=en_US&access=s

 

This script handles the steps outlined in the article by doing the following:

  • Connecting to a cluster
  • Collecting all existing certificates
  • Ensuring the certificate is self-signed
  • Deleting the self-signed certificate
  • Creating a new certificate with the same properties as the previous one with a 10-year expiration
  • Configuring SSL on the SVM to use the new certificate

Special thanks for inspiration from N.E. at:

http://community.netapp.com/t5/OnCommand-Storage-Management-Software-Discussions/Can-t-add-a-cluster/m-p/62376

Re: Risk Resolver - Certificate Renew/Recreate

Updated to 1.1 with some additional prompts prior to recreating certificates.

Re: Risk Resolver - Certificate Renew/Recreate

Updated version to 1.2 to resolve an issue with ONTAP 9 and enhance the checks for self-signed certificates.

Re: Risk Resolver - Certificate Renew/Recreate

Excellent work, thank you!

Re: Risk Resolver - Certificate Renew/Recreate


Hi

 

Trying to test this at the moment, but I am getting the following error on the following lines:

 

You cannot call a method on a null-valued expression.
At line:302 char:9
+         $GetCertificateResults = $GetCertificateResults.ToString()

 

and

 

You cannot call a method on a null-valued expression.
At line:304 char:13
+         If ($GetCertificateResults.contains($SerialNumber)) {

 

Do you have any ideas?

 

Thanks

 

 


 

 

Edit: Ignore this - redownloaded the file and the formatting was fixed.

Re: Risk Resolver - Certificate Renew/Recreate

Sorry I wasn't able to respond earlier.  I saw your edit - are you OK now? 

Re: Risk Resolver - Certificate Renew/Recreate

Getting the same errors as EHooper; unfortunately, a redownload didn't correct the issue for me. Any ideas on what could be causing the errors?

 

You cannot call a method on a null-valued expression.
At C:\Users\REDACTED\Downloads\RiskResolverCertificate.ps1:308 char:9
+         $GetCertificateResults = $GetCertificateResults.ToString()
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
 
You cannot call a method on a null-valued expression.
At C:\Users\REDACTED\Downloads\RiskResolverCertificate.ps1:310 char:13
+         If ($GetCertificateResults.contains($SerialNumber)) {
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
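
Added example, not part of RiskResolverCertificate.ps1 or of any post in this thread: a stand-alone PowerShell sketch of the self-signed and expiry checks described in the first post, with the null guard that prevents InvokeMethodOnNull when a lookup returns nothing. The function name, its parameters and the sample certificate are assumptions; the certificate is generated locally and no cluster is contacted.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (not from the original script): classifies one certificate
# and checks whether its serial number appears in some lookup output.
function Get-CertificateRisk {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [AllowNull()][object]$LookupOutput,   # may be $null when a query returns nothing
        [int]$WarnDays = 30
    )

    # Guard before any method call: .ToString() or .Contains() on $null
    # raises "You cannot call a method on a null-valued expression."
    $text = if ($null -ne $LookupOutput) { $LookupOutput | Out-String } else { '' }

    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        Subject      = $Certificate.Subject
        SerialNumber = $Certificate.SerialNumber
        # Name comparison only; this does not verify the signature.
        SelfSigned   = ($Certificate.Subject -eq $Certificate.Issuer)
        DaysLeft     = $daysLeft
        ExpiringSoon = ($daysLeft -le $WarnDays)
        SerialFound  = ($text.IndexOf($Certificate.SerialNumber,
                            [StringComparison]::OrdinalIgnoreCase) -ge 0)
    }
}

# Constructed sample input: a self-signed certificate with a 365-day lifetime
# that has 30 days left (requires .NET Framework 4.7.2+ or PowerShell 7).
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=svm1.example.test', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now.AddDays(-335), $now.AddDays(30))

# Lookup returned nothing: no exception, SerialFound is reported as False.
Get-CertificateRisk -Certificate $cert -LookupOutput $null

# Lookup returned text containing the serial number (constructed output).
Get-CertificateRisk -Certificate $cert -LookupOutput "serial: $($cert.SerialNumber)"
```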