How To Renew SSL Certificate NetApp Cluster Mode Steps
I was trying to set up NetApp Cluster Mode (Cluster) monitoring using OnCommand Unified Manager. One of the clusters could not be added to UFM; I was getting the error “Host 192.168.2.155 you specified has identified itself with a self signed certificate for OnCommand Unified Manager that has expired. Therefore, you cannot proceed.” To resolve this issue I had to renew the expired SSL certificates in NetApp Cluster Mode, ONTAP version 8.3. In this article we are going to see how to renew an SSL certificate in NetApp Cluster Mode.
I resolved it using the steps below; they may be helpful for you.
How To Renew SSL Certificate Netapp Cluster Mode 8.3 Version
To verify the SSL certificate status, we have to change the privilege mode from admin to advanced, because the SSL commands are advanced-level commands.
Ark-Netapp01::> set -privilege advanced
Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.
Do you want to continue? {y|n}: y
Ark-Netapp01::*> security certificate show
Vserver Serial Number Common Name Type
---------- --------------- -------------------------------------- ------------
ark-netapp-01 558A0299 ark-netcdot-1-01 server
Certificate Authority: ark-netcdot-1-01
Expiration Date: Thu Jun 23 09:06:34 2016
Before taking further actions such as deleting or modifying certificates, collect all the details of the particular certificate using the command below.
Ark-Netapp-01::> security certificate show -vserver ark-netapp-01 -common-name ark-netapp-01 -ca ark-netapp-01 -type server
Required details are:
- Vserver Name
- FQDN Or Common Name
- Certificate Authority (CA)
- Type of Certificate (server)
- Bit value (2048)
- Country (US)
- Protocol (SSL)
- Hashing Function (SHA256)
Delete Expired SSL Certificate First
Ark-Netapp01::> security certificate delete -vserver ark-vserver-01 -common-name ark-netapp-01 -ca ark-netapp-01 -type server
Warning: Deleting a server certificate will also delete the corresponding server-chain certificate, if one exists.
Do you want to continue? {y|n}: y
1 entry was deleted.
Note: Do not try to delete all certificates at once; delete them one by one.
Verify after deleting the certificate using the ssl command
Ark-Netapp1::*> ssl show
(security ssl show)
Serial Server Client
Vserver Number Common Name Enabled Enabled
--------- ------ --------------------------------------- ------- -------
ark-netapp-01 - - false false
Certificate Authority: -
Enabled = false, which means the certificate was deleted successfully.
Create New SSL Certificate Netapp Cluster Mode
It’s a very straightforward command to create an SSL certificate in NetApp C-mode.
Ark-Netapp01::*> security certificate create -vserver ark-vserver-01 -common-name ark-netapp-01 -size 2048 -type server -country US -expire-days 3000 -hash-function SHA256
Let’s verify whether the certificate was created.
Ark-Netapp01::*> security certificate show
Vserver Serial Number Common Name Type
---------- --------------- -------------------------------------- ------------
ark-vserver-01
59A6A011 ark-netapp-01 server
Certificate Authority: ark-netapp-01
Expiration Date: Sat Aug 28 19:22:57 2027
Renew the SSL certificate using the command below. In order to renew the certificate, you have to note down the new certificate's serial number from the output of the command above.
Ark-Netapp01::*> security ssl modify -vserver ark-vserver-01 -common-name ark-netapp-01 -ca ark-netapp-01 -server-enabled true -serial 59A6A011
Warning: The certificate ark-netapp-01 is a self-signed certificate, which offers no verification of identity by client machines. This presents the risk of man-in-the-middle attacks by malicious third-parties.
Do you want to continue? {y|n}: y
Now the certificate has been re-attached to the vserver with the common name. Let’s verify and check in UFM.
Ark-Netapp01::*> ssl show
(security ssl show)
Serial Server Client
Vserver Number Common Name Enabled Enabled
--------- ------ --------------------------------------- ------- -------
ark-netapp-01 59A6A011 ark-netapp-01 true false
Certificate Authority: ark-netapp-01
Come back from advanced mode to admin mode; that’s it.
Ark-Netapp01::> set -privilege admin
Now your SSL certificate renewal in NetApp Cluster Mode is successful.
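To catch the next expiry before Unified Manager rejects the cluster, the output of security certificate show can be checked automatically. The Python script below is an added example, not part of the original article or of NetApp's tooling; it assumes the output layout shown in the steps above, and the function names, the column spacing of the sample and the 30-day warning window are illustrative choices.

```python
from datetime import datetime, timedelta

DATE_FMT = "%a %b %d %H:%M:%S %Y"  # e.g. "Thu Jun 23 09:06:34 2016"

# Constructed sample: the two records shown in this article, column spacing assumed.
SAMPLE = """\
Ark-Netapp01::*> security certificate show
Vserver    Serial Number   Common Name                            Type
---------- --------------- -------------------------------------- ------------
ark-netapp-01 558A0299     ark-netcdot-1-01                       server
    Certificate Authority: ark-netcdot-1-01
          Expiration Date: Thu Jun 23 09:06:34 2016
ark-vserver-01
           59A6A011        ark-netapp-01                          server
    Certificate Authority: ark-netapp-01
          Expiration Date: Sat Aug 28 19:22:57 2027
2 entries were displayed.
"""

def parse_certificates(text):
    """Return one dict per certificate in 'security certificate show' output."""
    certs, vserver, cur = [], None, {}
    for s in map(str.strip, text.splitlines()):
        tok = s.split()
        if (not tok or tok[0] == "Vserver" or s.startswith("---")
                or "::" in tok[0] or s.endswith("displayed.")):
            continue  # blank line, header, separator, CLI prompt or footer
        if s.startswith("Certificate Authority:"):
            cur["ca"] = s.split(":", 1)[1].strip()
        elif s.startswith("Expiration Date:"):
            cur["expires"] = datetime.strptime(s.split(":", 1)[1].strip(), DATE_FMT)
        elif len(tok) == 1:
            vserver = tok[0]  # long vserver name wrapped onto its own line
        elif len(tok) in (3, 4):
            if len(tok) == 4:
                vserver = tok[0]  # vserver printed on the same row
            cur = dict(zip(("serial", "common_name", "type"), tok[-3:]), vserver=vserver)
            certs.append(cur)
    return certs

def needs_renewal(certs, now, warn_days=30):
    """Certificates expired or expiring within warn_days (assumed window), soonest first."""
    limit = now + timedelta(days=warn_days)
    due = [c for c in certs if "expires" in c and c["expires"] <= limit]
    return sorted(due, key=lambda c: c["expires"])

if __name__ == "__main__":
    for c in needs_renewal(parse_certificates(SAMPLE), datetime.now()):
        print(c["vserver"], c["common_name"], c["serial"], "expires", c["expires"].date())
```

The serial number it reports is the value to pass to security certificate delete, and the same check run against the new certificate shows how long the chosen -expire-days value leaves before the next renewal.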
Conclusion:
The commands for regenerating and activating cluster mode certificates vary from version to version; please check before executing.