Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

ONTAP Discussions

Change default security certificate expiration time

sraudonis

Hello,

 

the self signed certifiactes creating during install and SVM creation will expire after 365 days.

 

When i install the system i can change this certificates as described here: https://kb.netapp.com/support/index?page=content&id=1014389

 

But when the customer creates a new SVM the new certificate is only 365 days valid and must replaced manually.

 

Is there a way that all new certificates will be valid for 3650 days?

 

Or are there certificates that will be renew automatically?

 

I will prevent that the customer will get problems because there are certificates expired.

 

Regards

Stefan

4 REPLIES 4

sraudonis

This when creating a new certificate on the CLI by entering the commands. I'm asking for a way that all new certificates will be created with a longer time period.

 

So that there is no need for replacing the certificate after creating a new SVM.

 

AJHunt18

Hi,

 

I believe the default expiration date of self-signed security certificates is 365 days since it is recommended to renew certificates every year for security reasons. 

 

Regards,

AJ

KennOwen

Still not answering the question.  What I believe is being asked is if there is a file that can be modified so that all new security certificates default to 3650 days instead of 365 days, or is there a hidden switch in the vserver setup or vserver create command line that would change the default of 365 days to 3650 days when the security certificate is created automatically with SVM creation?  This would really help for automation so one did not have to go back in after the SVM creation to create and install a new certificate.  For a self signed certificate, it should be the customer option of default certificate expirey, not a dictated one.

ostiguy

I am but a dumb OCI guy, but that KB doesn't mention the -expire-days cli option where you can override the default 365 day value with as much as 36510

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public