Import SSL Wildcard Certificate into ONTAP 9.3P2

orametrix · ‎2019-06-04

When we 1st installed our filer, the consultant helped us to import a wildcard SSL certificate into ONTAP and bind that certificate to the vserver for system manager, etc. Well, that wildcard certificate has expired. I've renewed it, but now I'm trying to figure out the magic for importing the certificate again.

The "typical" process would be to generate a CSR and then have a third party sign it. That's not what I need to do. I have a fully formed certificate that I've exported from a Windows server. There's is no need for a CSR--I've got an exported certificate. So how do I import this thing into ONTAP?

Thanks!

donny_lang · ‎2019-06-04

You should be able to install an existing CA-signed SSL cert with the "security certificate install" command, pasting in the cert and private key (and any intermediate/root certs) when prompted to do so. After that, you should be able to see your certificate in the output of the "security certificate show" command.

From there, you can continue the certificate renewal process (delete expired cert, set new cert with "security ssl modify", etc.), specifying your newly imported certificate.

"security certificate install" documentation:

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-950%2Fsecurity__certificate__install.html

Replacing an expired digital certificate documentation:

https://library.netapp.com/ecmdocs/ECMP1636038/html/GUID-59C84C17-1019-4B54-9824-474576B68D95.html

Donny

Import SSL Wildcard Certificate into ONTAP 9.3P2

Portfolio Updates | NetApp ONAIR