Active IQ Unified Manager Discussions

ONTAP 9.1 System Manager and CA signed certificates


We just got our shiny new FAS2650, running ONTAP 9.1RC2.  We're still climbing the learning curve about clustered ONTAP (everything previous to this is still running 7-mode).


We're running the System Manager with ONTAP using a self-signed SSL certificate.  However, it would be nice to use a CA signed certificate, so I don't have to listen to Chrome whine and complain every time I start the system manager.  Anything I can do to save a couple extra clicks (every time I have to fire up the manager)...


We've got a wildcard certificate for our company that we've loaded into the filer (including the complete certificate chain going back to the CA).  The thing that that I haven't figured out how to do yet is tell the system manager to use the new certificate.  The documentation is a bit lacking in this matter (or I haven't found the right document yet).


Has anyone else figured out how to do this?






Re: ONTAP 9.1 System Manager and CA signed certificates


Hi Patrick,


not only do you need to install the signed certificate, but you also have to assosiate that certificate to the web service.

Basically you could install seperate certificates for various services in the cluster.


I found the following KB article useful every tim I had to deal with certifiatces.


It only talks about renewing the self-signed certificates, but it should give you a good hint what to do with your externally signed cert.

Command-wise use everything that's labeled "8.2" or "8.3". The article is not yet updated to 9.1 but commands work.


Kind regards, Niels



If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both.

View solution in original post

Re: ONTAP 9.1 System Manager and CA signed certificates


Thanks for the pointer, Neils.  That got me where I needed to go.


I was wondering if the certificate would be bound specifically to the system manager, but the only entries I saw were for the SVMs, so I just went with it for the management SVM and I get a happy green SSL indicator from Chrome now.


Appreciate the help.

Re: ONTAP 9.1 System Manager and CA signed certificates




I am using cdot 9.3 and get the advice from mysupport for the expired certificate issue:KB ID: 27617



The output of the commands for 8.2 are different and i want to ask for the correct linked version of the document.

Thanks in advance, Greetings, Thomas





Earn Rewards for Your Review!
GPI Review Banner
All Community Forums