Active IQ Unified Manager Discussions
Active IQ Unified Manager Discussions
Last year we generated a CA-signed cert for ActiveIQ Unified Manager for the first time. We followed the procedure below and it went fine.
Now we need to renew it, however there don't appear to be any clear instructions on how to renew a CA-signed certificate for AIUM. The following link takes you to articles on how to generate/install a CA-signed cert, renew a self-generated cert, and install/renew a CA cert for System Manager - but nothing about renewing a CA-signed cert for AIUM. Can anyone provide insight into the correct procedures? We've tried a mixture of steps from the articles linked below but nothing is working so far.
Solved! See The Solution
Thanks for the reply and your comments
Thanks...
Hello...
Let us know if any of these article help you with CA signed certificate with AIQUM?
How to generate and convert a signed certificate for Active IQ Unified Manager
https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/How_to_generate_and_convert_a_signed_certificate_for_Active_IQ_Unified_Manager
Security Enhancements in Active IQ Unified Manager 9.9 Part 1: Import a Remotely Generated CSR
https://community.netapp.com/t5/Tech-ONTAP-Blogs/Security-Enhancements-in-Active-IQ-Unified-Manager-9-9-Part-1-Import-a-Remotely/ba-p/167583
Can Active IQ Unified Manager accept a remotely generated CSR?
https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/Can_Active_IQ_Unified_Manager_accept_a_remotely_generated_CSR
How to create a CA signed certificate in AIQUM using OpenSSL with EC/RSA algorithm?
https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/How_to_create_a_CA_signed_certificate_in_AIQUM_using_OpenSSL_with_EC_RSA_algorithm
Thanks @hamdani ! Thoughts on each of these:
The general sense I'm getting from the links you sent is that there's a relatively newer way to generate a CA signed cert that doesn't require you to first download a request from a self-generated cert in AIUM. If that's the case, that is probably what we need to do but it's not entirely clear. Thanks again for sending the links!
Thanks for the reply and your comments
Thanks...
Thanks @hamdani . I actually wasn't 100% sure you guys didn't have a doc explaining how to renew, thank you for confirming it! By the way, my security guy corrected me and said he does use OpenSSH, so I was mistaken. He's going to try the procedure you linked to earlier.
So the new procedure you just mentioned is basically a way to "restart" the process - remove the CA signed cert, replace it with a self-generated one, and use that to request an updated CA signed cert? And at that point it would be the same process we did last year? If so that makes sense, although it is a bit convoluted, but I'll take it lol!