https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Certificate-based-authentication-in-UM-7-3-9-4/m-p/142848#M26106 <P>Hi. you mean OCUM&nbsp;access to the cluster with a Client Cert and not a user? if so, i don't think it's possible.</P> <P>&nbsp;</P> <P>Also from sec point. i think that ther's much&nbsp;different if the client cert saved in OCUM getting stolen or a password/api key saved in OCUM getting stolen.</P> <P>Client cert is mainly useful when you have a token device or a smart card to protect the key. if the cert is unprotected - it's not much&nbsp;different from an unprotected password (well -after a re-think: at least for common attacks. as the private key will also not go over the wire as password do on the authentication. but that goes&nbsp;encrypted channel anyway)</P> <P>&nbsp;</P> <P>Gidi.</P> Fri, 21 Sep 2018 01:27:12 GMT GidonMarcus 2018-09-21T01:27:12Z https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Certificate-based-authentication-in-UM-7-3-9-4/m-p/142845#M26104 <P>need advise on how to implement this solution, rather than relying having to create local a/c in nas used for adding it to UM for datasource acquisition.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 04 Jun 2025 13:17:43 GMT https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Certificate-based-authentication-in-UM-7-3-9-4/m-p/142845#M26104 Cavin 2025-06-04T13:17:43Z https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Certificate-based-authentication-in-UM-7-3-9-4/m-p/142848#M26106 <P>Hi. you mean OCUM&nbsp;access to the cluster with a Client Cert and not a user? if so, i don't think it's possible.</P> <P>&nbsp;</P> <P>Also from sec point. i think that ther's much&nbsp;different if the client cert saved in OCUM getting stolen or a password/api key saved in OCUM getting stolen.</P> <P>Client cert is mainly useful when you have a token device or a smart card to protect the key. if the cert is unprotected - it's not much&nbsp;different from an unprotected password (well -after a re-think: at least for common attacks. as the private key will also not go over the wire as password do on the authentication. but that goes&nbsp;encrypted channel anyway)</P> <P>&nbsp;</P> <P>Gidi.</P> Fri, 21 Sep 2018 01:27:12 GMT https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Certificate-based-authentication-in-UM-7-3-9-4/m-p/142848#M26106 GidonMarcus 2018-09-21T01:27:12Z