Active IQ Unified Manager Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active IQ Unified Manager Discussions

Ask a Question

NetApp ActiveIQ Unified Manager - HTTPS

NEO-BAHAMUT
‎2025-07-15 03:22 AM
561 Views

Hi All, 

 

We have recently installed NetApp IQ Unified Manager, and in this last week ive upgraded the system to the latest version at this time, 9.16P2.

 

I'm trying to configure the system to use a ca generated certificate rather than the self-generated cert. - Now I dont claim to be any sort of PKI expert, but i have generated lots of certs in my time and got them working. However for this i am sort of stumped.

 

I've used the GUI to generate the CSR file. I've submitted this to our internal CA and i've got a .cer file back. Ive converted it to a .pem file and when i try to upload the cert if gives me the following error.

 

NEOBAHAMUT_0-1752574841794.png

When i install the cert in windows I can see that there is a full chain on the cert. ActiveIQ doesn't appear to be able to see that. I'm guessing its something im doing wrong.

 

Can anyone confirm the steps that do work and i can try again. Or is this a bug?

0 Kudos
1 ACCEPTED SOLUTION

NEO-BAHAMUT
‎2025-07-15 04:24 AM
544 Views

Ok just thought i'd let you know that i have managed to get this working using the below steps

#####################Active IQ Cert Install#################

Generate Certificate for NetAppActive IQ Unified Manager
1. Generate CSR file. - Login to NetApp ActiveIQ Unified Manager, under General>HTTPS Certiciates> Download HTTPS Certificate Signing Request
2. Submit the csr to the CA to generate a .cer file using the below command
certreq -submit -config "YOUR_INTERNAL_CA_HERE" -attrib "CertificateTemplate:YOUR_WEB_SERVER_TEMPLATE_HERE" -kerberos "Path\To\CSR_File.csr" "Path\To\CerFile.cer"
3. Using the guide on this page, export the cert as a p7b format
https://support.axway.com/kb/178782/language/en
4. Using the NetApp article found below use the command in step 4 to convert a DER encoded cert to a pem file.
https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/How_to_generate_and_convert_a_signed_certificate_for_Active_IQ_Unified_Manager#How_to_sign_the_certifi...
5. Try importing (It will probably fail), if it doesn't work you must make it look like how it specifies on NetApp'a site at the below site. You might have to move the certs around in the file
https://docs.netapp.com/us-en/active-iq-unified-manager/config/task_install_ca_signed_and_returned_https_certificate.html

6. Import again and you should get a success message. Reboot your server and should be all good.

 

Hope this helps someone. - if not it will help me next year 😄

View solution in original post

1 REPLY 1

NEO-BAHAMUT
‎2025-07-15 04:24 AM
545 Views

Ok just thought i'd let you know that i have managed to get this working using the below steps

#####################Active IQ Cert Install#################

Generate Certificate for NetAppActive IQ Unified Manager
1. Generate CSR file. - Login to NetApp ActiveIQ Unified Manager, under General>HTTPS Certiciates> Download HTTPS Certificate Signing Request
2. Submit the csr to the CA to generate a .cer file using the below command
certreq -submit -config "YOUR_INTERNAL_CA_HERE" -attrib "CertificateTemplate:YOUR_WEB_SERVER_TEMPLATE_HERE" -kerberos "Path\To\CSR_File.csr" "Path\To\CerFile.cer"
3. Using the guide on this page, export the cert as a p7b format
https://support.axway.com/kb/178782/language/en
4. Using the NetApp article found below use the command in step 4 to convert a DER encoded cert to a pem file.
https://kb.netapp.com/data-mgmt/AIQUM/AIQUM_Kbs/How_to_generate_and_convert_a_signed_certificate_for_Active_IQ_Unified_Manager#How_to_sign_the_certifi...
5. Try importing (It will probably fail), if it doesn't work you must make it look like how it specifies on NetApp'a site at the below site. You might have to move the certs around in the file
https://docs.netapp.com/us-en/active-iq-unified-manager/config/task_install_ca_signed_and_returned_https_certificate.html

6. Import again and you should get a success message. Reboot your server and should be all good.

 

Hope this helps someone. - if not it will help me next year 😄

All Community Forums
Public