.pem – (Privacy-enhanced Electronic Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
.cer, .crt, .der – usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
Do I have to or May I use OpenSSL to set up my own "keys-tree" certificate for the 8488 dfmserver port?
P.S. Some more background informations found in the net, but not tested:
Migrating certificates, keys, and truststores manually
During DataFabric Manager server database backups, the directories containing certificates, keys, and truststores for both cloud service clients and host service clients are not backed up. If you want to restore database backups to a different DataFabric Manager server, you must manually migrate the certificates, keys, and truststore directories or the restore fails.
About this task
This procedure is not required when you back up and restore the database to the same DataFabric Manager server.
On the DataFabric Manager server you want to migrate, back up the database.
On the DataFabric Manager server you just backed up, copy the following three folders from the \DataFabric Manager install directory\conf\keys\ directory:
Restore the database to the new DataFabric Manager server.
Copy the three folders from the original DataFabric Manager server to the same directory on the destination DataFabric Manager server.
Perform one of the following actions, depending on which type of clients you are migrating:
If you migrate clients in a cloud infrastructure, after the migration, generate a new DataFabric Manager server certificate on the destination DataFabric Manager server by entering dfm ssl service setup, and then load the new certificate by entering dfm ssl service reload
Note: If you do not generate a new certificate, the new DataFabric Manager server will load the certificate that was migrated from the original DataFabric Manager server causing DataFabric Manager server hostname validation to fail on cloud service clients.
If you are migrating host service clients, after the migration, unregister the host service and then register the new host service from the Host Services tab in the OnCommand console.
Parent topic: Certificate-based authentication
Verifying that a host service is registered with the DataFabric Manager server (7-Mode environments only)
Creating self-signed certificates in the DataFabric Manager server
You can generate self-signed certificate from the command-line interface (CLI) of the DataFabric Manager server. You can set up the DataFabric Manager server as a Certificate Authority (CA), and generate self-signed certificates.
Log into the DataFabric Manager server as the DataFabric Manager server administrator.
From the command-line interface, enter the following command:
dfm ssl server setup
Enter the following information when prompted:
State or Province
Organizational Unit Name
The DataFabric Manager server SSL server is now initialized with a self-signed certificate and the private key, server.key file is placed in the following DataFabric Manager server directory: c:\Program Files\NetApp\DataFabric Manager\DFM\conf\.