ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

mgmtgwd.certificate.expired: A digital certificate with Fully Qualified Domain Name (FQDN) snap, Ser

Vipul_Nagar
3 weeks ago
4,264 Views

Hi Team 

 

I'm getting below event on my OnTap which is running on 9.15.*.*  

 

"mgmtgwd.certificate.expired: A digital certificate with Fuly Qualified Domain Name (FQDN) snap, Serial Number 173B18A666E8BCBF, Certificate Authority 'snap' and type server for Vserver backup_svm has expired."

 

As I know how to renew by my concern while renewing its giving below popup so just want to confirm if i simply renew it will

it impact my OnTap 

Renew client/server certificate

The existing certificate won't be deleted, but a copy of the certificate will be created. You should manually remap applications associated with the old certificate to be associated with the new certificate.
Existing certificate name snap_173B18A666E8BCBF

Please suggest

Preview file
37 KB
0 Kudos
3 REPLIES 3

chamfer
3 weeks ago
4,217 Views

Hi @Vipul_Nagar,

 

Just renewing the self-signed certificate does essentially nothing if you don't replace the old certificate on the SVM with the new one.  "You should manually remap applications associated with the old certificate to be associated with the new certificate."

 

You need to understand What is using the certificate on your SVM named "backup_svm"? If you have an application that is expecting a certificate from a specific CA or where you need to generate, export from ONTAP, and import to your backup product.

 

Once you have generated your self-signed certificate you need to apply it.  CLI command reference is here security ssl modify

 

The commands would be something like:

 

ssl modify -vserver backup_svm -ca <CA> -serial <SERIAL> -common-name <common-name>

 

 

 

 

 

0 Kudos

Vipul_Nagar
3 weeks ago
In response to chamfer
4,187 Views

i Chamfer,

Thank you for your response.

I had a follow-up question regarding the certification renewal process. While renewing, I received a notification (as shown in my previous post). If I choose to ignore this notification and proceed, will it have any impact on the certification status or functionality?

If there is any impact, could you please share a KB article or documentation that provides more clarity on this?

Thanks again for addressing this question.

Best regards,
Vipul Nagar

0 Kudos

chamfer
2 weeks ago
In response to Vipul_Nagar
975 Views

Hi @Vipul_Nagar ,

 

If you choose to ignore the notification and proceed, there could potentially be no impact for functionality.  For example if you are using NFS v3 on the SVM it wouldn't matter if a TLS certificate expired...... though if you are using NFS over TLS or S3 with HTTPS then you could have a disruption, depending on the client(s) settings.

 

Here is a NetApp KB article which does provide some information What is the impact of an expired digital certificate used for a Vserver? - NetApp Knowledge Base

 

At the end of the day you need to understand what protocols you are using and are they using TLS...... Also don't forget non client protocols like LDAP.

 

0 Kudos
All Community Forums
Public