Subscribe

Risk Resolver - Certificate Renew/Recreate

[ Edited ]

Current Version:  1.3

 

Clustered Data ONTAP (also known as ONTAP) uses self-signed certificates by default for management
of the environment. These certificates have a typical expiration date of 1 year (365 days).
This KB describes the process to recreate the certificates:

https://kb.netapp.com/support/index?page=content&id=1014389&locale=en_US&access=s

 

This script handles the steps outlined in the article by doing the following:

  • Connecting to a cluster
  • Collecting all existing certificates
  • Ensuring the certificate is self-signed
  • Deletes the self-signed certificate
  • Creates a new certificate with the same properties as the previous one with a 10 year expiration
  • Configures SSL on the SVM to use the new certificate

Special thanks for inspiration from N.E. at:

http://community.netapp.com/t5/OnCommand-Storage-Management-Software-Discussions/Can-t-add-a-cluster/m-p/62376

Re: Risk Resolver - Certificate Renew/Recreate

Updated to 1.1 with some additional prompts prior to recreating certificates.

Re: Risk Resolver - Certificate Renew/Recreate

Updated version to 1.2 to resolve issue with ONTAP 9 and enahancing the checks for self-signed certificates. 

Re: Risk Resolver - Certificate Renew/Recreate

Excellent work, thank you!