ONTAP Discussions
Hello,
we want to import a new Certificate Authority (CA) signed certificate in our FAS2552 (ONTAP 9.8).
After installing with "security certificate install -vserver NAME -type -server-ca" and so on, everything looked fine:
Checking the certificate looked like this:
FAS25521::> security certificate show -cert-name FAS2552n.xxxxxx.de
Vserver Serial Number Certificate Name Type
---------- --------------- -------------------------------------- ------------
FAS2552x 6D00015BC54A82ECA7B2ECE64C0002nnnnnnnn
FAS2552n.xxxxxx.de server-ca
Certificate Authority: xxxxxxxxxx Systemhaus Enterprise CA nn
Expiration Date: Fri Dec 09 11:49:53 2022
FAS25521::>
But when we try to modify the SSL security configuration for the cluster SVM to use the new certificate, we get an error:
FAS2552x::> security ssl modify -vserver FAS2552n -serial 6D00015BC54A82ECA7B2ECE64C0002nnnnnnnn -ca "xxxxxxxxxx Systemhaus Enterprise CA nn" -server-enabled true
Error: command failed: Certificate with CA: "xxxxxxxxxx Systemhaus Enterprise CA nn" and Serial-number: "6D00015BC54A82ECA7B2ECE64C0002nnnnnnnn" does not exist.
FAS2552x::>
Although CA and serial number are correct, a certificate with this information allegedly does not exist.
But also, when I display the certificate via the serial number, I get the following:
FAS25521::> security certificate show -serial 6D00015BC54A82ECA7B2ECE64C0002nnnnnn -fields serial, ca
vserver common-name serial ca type subtype cert-name
-------- ------------------- -------------------------------------- ---------------------------------------- --------- ------- -------------------
FAS2552n FAS2552n.xxxxxx.de 6D00015BC54A82ECA7B2ECE64C0002nnnnnn "xxxxxxxxxx Systemhaus Enterprise CA nn" server-ca - FAS2552n.xxxxxx.de
FAS25521::>
Actually everything is correct - or not? What is wrong?
Any ideas?
Thanks a lot
Best regards
Michael
You installed the Certificate Authority certificate. You still need a -per SVM- SERVER certificate.
You can use ONTAP to generate a cert request, then send the req to the CA. Install the resulting server CERT into the SVM and then enable SSL using the SERVER CERT (not the Server-CA).
Could you review this KB to ensure it is followed correctly?
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_install_a_Certificate_Authority_(CA)_signed_certificate_in_ONTA...
Hello,
thank you very much for your message.
The error was when installing the certificate with -type server-ca - this was of course wrong. With type server it worked.
Thanks a lot.
Best regards
Michael
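As an added example (not from the original posts or from NetApp), a small Python preflight check that applies the rule from the accepted answer: the serial passed to `security ssl modify` must belong to a certificate installed with type `server`, not `server-ca`. The sample table is constructed in the layout of the `-fields` output shown in the question; the function names, SVM names, serials and CA name are hypothetical placeholders.

```python
import shlex

# Constructed sample in the layout of `security certificate show -fields ...`
# from the thread; every value here is a placeholder, not data from the post.
SAMPLE = '''\
vserver  common-name        serial   ca                      type      subtype cert-name
-------- ------------------ -------- ----------------------- --------- ------- ------------------
svm1     svm1.example.test  0A1B2C3D "Example Enterprise CA" server-ca -       svm1.example.test
svm1     svm1.example.test  5E6F7A8B "Example Enterprise CA" server    -       svm1_server
svm2     svm2.example.test  0A1B2C3D "Example Enterprise CA" server-ca -       svm2.example.test
'''

def parse_cert_table(text):
    """Parse the table into a list of dicts keyed by the header names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        if set(ln.strip()) <= {"-", " "}:      # dashed separator row
            continue
        fields = shlex.split(ln)               # keeps the quoted CA name as one field
        if len(fields) == len(header):         # skips prompts and wrapped lines
            rows.append(dict(zip(header, fields)))
    return rows

def check_ssl_candidate(rows, vserver, serial, ca):
    """Return (ok, reason) for using this vserver/serial/ca with `security ssl modify`."""
    same_svm = [r for r in rows if r["vserver"] == vserver]
    match = [r for r in same_svm
             if r["serial"].upper() == serial.upper() and r["ca"] == ca]
    if any(r["type"] == "server" for r in match):
        return True, "server certificate found"
    if match:
        # The case from the thread: the serial exists, but only as a CA entry.
        types = ", ".join(sorted({r["type"] for r in match}))
        alts = [r["serial"] for r in same_svm
                if r["type"] == "server" and r["ca"] == ca]
        hint = (f"; server certs from this CA: {alts}" if alts
                else "; no server cert from this CA installed")
        return False, f"serial is installed only as type {types}" + hint
    return False, "no certificate with this serial and CA on this vserver"

if __name__ == "__main__":
    rows = parse_cert_table(SAMPLE)
    for svm, serial in [("svm1", "0A1B2C3D"), ("svm1", "5E6F7A8B"), ("svm2", "0A1B2C3D")]:
        print(svm, serial, check_ssl_candidate(rows, svm, serial, "Example Enterprise CA"))
```

The first case reproduces the situation in the question: the lookup by serial succeeds, yet the entry is a `server-ca` certificate, so it cannot be selected as the SVM's SSL server certificate.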