Subscribe
Accepted Solution

ONTAP 9.1 System Manager and CA signed certificates

[ Edited ]

We just got our shiny new FAS2650, running ONTAP 9.1RC2.  We're still climbing the learning curve about clustered ONTAP (everything previous to this is still running 7-mode).

 

We're running the System Manager with ONTAP using a self-signed SSL certificate.  However, it would be nice to use a CA signed certificate, so I don't have to listen to Chrome whine and complain every time I start the system manager.  Anything I can do to save a couple extra clicks (every time I have to fire up the manager)...

 

We've got a wildcard certificate for our company that we've loaded into the filer (including the complete certificate chain going back to the CA).  The thing that that I haven't figured out how to do yet is tell the system manager to use the new certificate.  The documentation is a bit lacking in this matter (or I haven't found the right document yet).

 

Has anyone else figured out how to do this?

 

Thanks

 

Patrick

Re: ONTAP 9.1 System Manager and CA signed certificates

Hi Patrick,

 

not only do you need to install the signed certificate, but you also have to assosiate that certificate to the web service.

Basically you could install seperate certificates for various services in the cluster.

 

I found the following KB article useful every tim I had to deal with certifiatces.

https://kb.netapp.com/support/s/article/how-to-renew-an-ssl-certificate-in-clustered-data-ontap?t=1486136032325

 

It only talks about renewing the self-signed certificates, but it should give you a good hint what to do with your externally signed cert.

Command-wise use everything that's labeled "8.2" or "8.3". The article is not yet updated to 9.1 but commands work.

 

Kind regards, Niels

 

---------------------

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both.

Re: ONTAP 9.1 System Manager and CA signed certificates

Thanks for the pointer, Neils.  That got me where I needed to go.

 

I was wondering if the certificate would be bound specifically to the system manager, but the only entries I saw were for the SVMs, so I just went with it for the management SVM and I get a happy green SSL indicator from Chrome now.

 

Appreciate the help.