topic Re: mgmtgwd.certificate.expired: A digital certificate with Fully Qualified Domain Name (FQDN) snap, in ONTAP Discussions

mgmtgwd.certificate.expired: A digital certificate with Fully Qualified Domain Name (FQDN) snap, Ser

Vipul_Nagar — Wed, 08 Oct 2025 11:31:16 GMT

Hi Team

I'm getting below event on my OnTap which is running on 9.15.*.*

"mgmtgwd.certificate.expired: A digital certificate with Fuly Qualified Domain Name (FQDN) snap, Serial Number 173B18A666E8BCBF, Certificate Authority 'snap' and type server for Vserver backup_svm has expired."

As I know how to renew by my concern while renewing its giving below popup so just want to confirm if i simply renew it will

it impact my OnTap

Renew client/server certificate

The existing certificate won't be deleted, but a copy of the certificate will be created. You should manually remap applications associated with the old certificate to be associated with the new certificate.

Existing certificate name snap_173B18A666E8BCBF

Please suggest

Re: mgmtgwd.certificate.expired: A digital certificate with Fully Qualified Domain Name (FQDN) snap,

chamfer — Wed, 08 Oct 2025 21:28:07 GMT

Hi @Vipul_Nagar,

Just renewing the self-signed certificate does essentially nothing if you don't replace the old certificate on the SVM with the new one. "You should manually remap applications associated with the old certificate to be associated with the new certificate."

You need to understand What is using the certificate on your SVM named "backup_svm"? If you have an application that is expecting a certificate from a specific CA or where you need to generate, export from ONTAP, and import to your backup product.

Once you have generated your self-signed certificate you need to apply it. CLI command reference is here security ssl modify

The commands would be something like:

ssl modify -vserver backup_svm -ca <CA> -serial <SERIAL> -common-name <common-name>

Re: mgmtgwd.certificate.expired: A digital certificate with Fully Qualified Domain Name (FQDN) snap,

Vipul_Nagar — Thu, 09 Oct 2025 07:28:58 GMT

i Chamfer,

Thank you for your response.

I had a follow-up question regarding the certification renewal process. While renewing, I received a notification (as shown in my previous post). If I choose to ignore this notification and proceed, will it have any impact on the certification status or functionality?

If there is any impact, could you please share a KB article or documentation that provides more clarity on this?

Thanks again for addressing this question.

Best regards,
Vipul Nagar

Re: mgmtgwd.certificate.expired: A digital certificate with Fully Qualified Domain Name (FQDN) snap,

chamfer — Tue, 14 Oct 2025 21:47:45 GMT

Hi @Vipul_Nagar ,

If you choose to ignore the notification and proceed, there could potentially be no impact for functionality. For example if you are using NFS v3 on the SVM it wouldn't matter if a TLS certificate expired...... though if you are using NFS over TLS or S3 with HTTPS then you could have a disruption, depending on the client(s) settings.

Here is a NetApp KB article which does provide some information What is the impact of an expired digital certificate used for a Vserver? - NetApp Knowledge Base

At the end of the day you need to understand what protocols you are using and are they using TLS...... Also don't forget non client protocols like LDAP.