Microsoft Virtualization Discussions

Risk Resolver - Certificate Renew/Recreate

mcgue
25,120 Views

Current Version:  1.5

 

Clustered Data ONTAP (also known as ONTAP) uses self-signed certificates by default for management
of the environment. These certificates have a typical expiration date of 1 year (365 days).
This KB describes the process to recreate the certificates:

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_renew_an_SSL_certificate_in_ONTAP_9

 

This script handles the steps outlined in the article by doing the following:

  • Connecting to a cluster
  • Collecting all existing certificates
  • Ensuring the certificate is self-signed
  • Deletes the self-signed certificate
  • Creates a new certificate with the same properties as the previous one with a 10 year expiration
  • Configures SSL on the SVM to use the new certificate

 

Article link updated by Admin on Sept 29, 2020.

24 REPLIES 24

dgwhitecalgary
4,673 Views

You can prompt the user for their credentials at the start of the script then use the credential object to pass to cmdlets. I use this technique often. Your cmdlet needs to support a credential parameter though.

 

#Store credentials if needed
if (!($Creds)){Set-Variable -Name Creds -Value (Get-Credential -credential "$env:userdomain\$env:username") -Scope Global -Visibility Public -Option AllScope}

mcgue
4,590 Views

Excellent - thank you for the suggestion!


@dgwhitecalgary wrote:

You can prompt the user for their credentials at the start of the script then use the credential object to pass to cmdlets. I use this technique often. Your cmdlet needs to support a credential parameter though.

 

#Store credentials if needed
if (!($Creds)){Set-Variable -Name Creds -Value (Get-Credential -credential "$env:userdomain\$env:username") -Scope Global -Visibility Public -Option AllScope}


 

mcgue
4,179 Views

I can't edit this original post anymore, but the updated link to the relevant KB article is here:

 

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_renew_an_SSL_certificate_in_ONTAP_9 

mcgue
2,470 Views

The new iteration of the script can now be found here:

 

https://www.powershellgallery.com/packages/NetAppSSLCertificateRenew

 

Public