topic DFM SSL and trust chains in Active IQ Unified Manager Discussions https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/DFM-SSL-and-trust-chains/m-p/125423#M22489 <P>Hi:</P><P>&nbsp;</P><P>We are trying to use client signed SSL certificates for the DFM administration page (OnCommane Core Package 5.2.1). &nbsp;I've set up ssl with the "dfm ssl server setup" command and then generated a request to be signed by the client. &nbsp;Once signed, I installed it with the "dfm ssl server import &lt;filename&gt;" command which was successful. &nbsp;After restarting the http service, I can access the web GUI but the certificate is not trusted. &nbsp;I believe this has something to do with the fact the signed certificate contains a "trust chain" which is not being picked up. &nbsp;The file I imported contains the DFM certificate first, then 2 certificate issuers (intermediate and root). &nbsp;If I import the same file but in the opposite direction (root first DFM last), the hhtp service fails to start. &nbsp;My question is, does DFM not support trust chains or is there an undocumented way of getting this to work? &nbsp;The basic error I get in Firefox is that the certificate is not trusted because the issuer certificate is unknown.</P> Wed, 04 Jun 2025 18:15:29 GMT mrosebro 2025-06-04T18:15:29Z DFM SSL and trust chains https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/DFM-SSL-and-trust-chains/m-p/125423#M22489 <P>Hi:</P><P>&nbsp;</P><P>We are trying to use client signed SSL certificates for the DFM administration page (OnCommane Core Package 5.2.1). &nbsp;I've set up ssl with the "dfm ssl server setup" command and then generated a request to be signed by the client. &nbsp;Once signed, I installed it with the "dfm ssl server import &lt;filename&gt;" command which was successful. &nbsp;After restarting the http service, I can access the web GUI but the certificate is not trusted. &nbsp;I believe this has something to do with the fact the signed certificate contains a "trust chain" which is not being picked up. &nbsp;The file I imported contains the DFM certificate first, then 2 certificate issuers (intermediate and root). &nbsp;If I import the same file but in the opposite direction (root first DFM last), the hhtp service fails to start. &nbsp;My question is, does DFM not support trust chains or is there an undocumented way of getting this to work? &nbsp;The basic error I get in Firefox is that the certificate is not trusted because the issuer certificate is unknown.</P> Wed, 04 Jun 2025 18:15:29 GMT https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/DFM-SSL-and-trust-chains/m-p/125423#M22489 mrosebro 2025-06-04T18:15:29Z