Solved: CertPlus Cert expiring - NetApp Community

ONTAP Discussions

Start a New Post

Hi

I received the following alert mgmtgwd.certificate.expiring: A digital certificate with Fully Qualified Domain Name (FQDN) Class2PrimaryCA, Serial Number 85BD4BF3D8DAE369F694D75FC3A54423, Certificate Authority 'Class 2 Primary CA' and type server-ca for Vserver..

The CertPlus cert is expiring shortly can I remove this cert to suppress the alerts as we use an internal CA?

Hi I received the following alert mgmtgwd.certificate.expiring: A digital certificate with Fully Qualified Domain Name (FQDN) Class2PrimaryCA, Serial Number 85BD4BF3D8DAE369F694D75FC3A54423, Certificate Authority 'Class 2 Primary CA' and type server-ca for Vserver..The CertPlus cert is expiring shortly can I remove this cert to suppress the alerts as we use an internal CA?

4 REPLIES 4

A couple of links to look at

What is the impact of an expired digital certificate used for a Vserver?

https://kb.netapp.com/app/answers/answer_view/a_id/1032196/loc/en_US

Hi

Thank you for the links, the Certplus root CA is expiring and does not seem to be renewing it is possible to remove this cert?

MS is removing these from in an upcoming update:

This release will disable the following roots (Root Certificate \ SHA-1 Thumbprint):

CertPlus Class 3P Primary CA \ 216B2A29E62A00CE820146D8244141B92511B279
CertPlus Class 3 Primary CA \ D2EDF88B41B6FE01461D6E2834EC7C8F6C77721E
CertPlus Class 3TS Primary CA \ F44095C238AC73FC4F77BF8F98DF70F8F091BC52

Removing a certificate entirely can be done with the "security certificate delete" command.

Its documentation is located here:

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-950%2Fsecurity__certificate__delete.html

View solution in original post

All Community Forums

Public