How To Renew SSL Certificate NetApp Cluster Mode Steps

I was trying to set up NetApp Cluster Mode (Cluster) monitoring using OnCommand Unified Manager. One of the clusters could not be added to UFM; I was getting the error “Host 192.168.2.155 you specified has identified itself with a self signed certificate for OnCommand Unified Manager that has expired. Therefore, you cannot proceed.” To resolve this issue I had to renew the expired SSL certificates in NetApp Cluster Mode, ONTAP version 8.3. In this article we are going to see how to renew an SSL certificate in NetApp Cluster Mode.

I resolved it using the steps below; they may be helpful for you.

How To Renew SSL Certificate Netapp Cluster Mode 8.3 Version

To verify the SSL certificate status, we have to change the privilege level from admin to advanced. The SSL commands are advanced-level commands.

Ark-Netapp01::> set -privilege advanced

Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.
Do you want to continue? {y|n}: y

Ark-Netapp01::*> security certificate show
Vserver Serial Number Common Name Type
---------- --------------- -------------------------------------- ------------
ark-netapp-01
 558A0299 ark-netcdot-1-01 server
 Certificate Authority: ark-netcdot-1-01
 Expiration Date: Thu Jun 23 09:06:34 2016

Before taking further actions such as deleting or modifying certificates, collect all the details of the particular certificate using the command below.

Ark-Netapp-01::> security certificate show -vserver ark-netapp-01 -common-name ark-netapp-01 -ca ark-netapp-01 -type server

The required details are:

  • Vserver Name
  • FQDN Or Common Name
  • Certificate Authority (CA)
  • Type of Certificate (server)
  • Bit value (2048)
  • Country (US)
  • Protocol (SSL)
  • Hashing Function (SHA256)

Delete Expired SSL Certificate First

Ark-Netapp01::> security certificate delete -vserver ark-vserver-01 -common-name ark-netapp-01 -ca ark-netapp-01 -type server

Warning: Deleting a server certificate will also delete the corresponding server-chain certificate, if one exists.
Do you want to continue? {y|n}: y
1 entry was deleted.

Note: Do not try to delete all the certificates at once; delete them one by one.

Verify after deleting the certificate using the ssl show command

Ark-Netapp1::*> ssl show
 (security ssl show)
 Serial Server Client
Vserver Number Common Name Enabled Enabled
--------- ------ --------------------------------------- ------- -------
ark-netapp-01  - - false false
 Certificate Authority: -

Enabled = false, which means the certificate was deleted successfully.

Create New SSL Certificate Netapp Cluster Mode

Creating an SSL certificate in NetApp C-mode takes a single, very straightforward command:

Ark-Netapp01::*> security certificate create -vserver ark-vserver-01 -common-name ark-netapp-01 -size 2048 -type server -country US -expire-days 3000 -hash-function SHA256

Let’s verify whether the certificate was created:

Ark-Netapp01::*> security certificate show
Vserver Serial Number Common Name Type
---------- --------------- -------------------------------------- ------------
ark-vserver-01
 59A6A011 ark-netapp-01 server
 Certificate Authority: ark-netapp-01
 Expiration Date: Sat Aug 28 19:22:57 2027

Renew the SSL certificate using the command below. To renew the certificate, you have to note down the new certificate's serial number from the output of the command above.

Ark-Netapp01::*> security ssl modify -vserver ark-vserver-01 -common-name ark-netapp-01 -ca ark-netapp-01 -server-enabled true -serial 59A6A011

Warning: The certificate ark-netapp-01 is a self-signed certificate, which offers no verification of identity by client machines. This
 presents the risk of man-in-the-middle attacks by malicious third-parties.
Do you want to continue? {y|n}: y

The certificate has now been re-attached to the vserver with the common name. Let’s verify it and then check in UFM.

Ark-Netapp01::*> ssl show
 (security ssl show)
 Serial Server Client
Vserver Number Common Name Enabled Enabled
--------- ------ --------------------------------------- ------- -------
ark-netapp-01
 59A6A011
 ark-netapp-01 true false
 Certificate Authority: ark-netapp-01

Come back from advanced mode to admin mode, and that’s it.

Ark-Netapp01::> set -privilege admin

Your SSL certificate renewal on NetApp Cluster Mode is now complete.
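The expiry that caused the Unified Manager error is visible in `security certificate show` well before it blocks anything. As an added example (not part of the original article and not NetApp tooling), this Python script parses saved output of that command and flags expired, soon-to-expire and self-signed entries. The sample's column layout is reconstructed from the output shown above; the function names, the 30-day threshold and the "CA equals common name" self-signed heuristic are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of `security certificate show` output,
# reusing the names, serials and dates shown in this article.
SAMPLE = """\
Vserver    Serial Number   Common Name                            Type
---------- --------------- -------------------------------------- ------------
ark-netapp-01
           558A0299        ark-netcdot-1-01                       server
    Certificate Authority: ark-netcdot-1-01
          Expiration Date: Thu Jun 23 09:06:34 2016
ark-vserver-01
           59A6A011        ark-netapp-01                          server
    Certificate Authority: ark-netapp-01
          Expiration Date: Sat Aug 28 19:22:57 2027
"""

# "<hex serial> <common name> <type>" row that starts each certificate entry
ENTRY = re.compile(r"^([0-9A-Fa-f]+)\s+(\S+)\s+(\S+)$")

def parse_certificates(text):
    """Return one dict per certificate found in the CLI output."""
    certs, vserver, cur = [], None, None
    for line in text.splitlines():
        s = line.strip()
        m = ENTRY.match(s)
        if m:
            cur = dict(vserver=vserver, serial=m[1], common_name=m[2], type=m[3])
            certs.append(cur)
        elif cur and s.startswith("Certificate Authority:"):
            cur["ca"] = s.split(":", 1)[1].strip()
        elif cur and s.startswith("Expiration Date:"):
            stamp = s.split(":", 1)[1].strip()
            cur["expires"] = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        elif s and " " not in s and not s.startswith("-"):
            vserver = s  # a lone token on its own line is the vserver name
    return certs

def audit(certs, now, warn_days=30):
    """Return (vserver, serial, status, days_left, self_signed) per certificate."""
    findings = []
    for c in certs:
        days_left = (c["expires"] - now).days
        status = "EXPIRED" if days_left < 0 else "EXPIRING" if days_left <= warn_days else "OK"
        # Heuristic (assumption): CA equal to the common name means self-signed
        self_signed = c.get("ca") == c["common_name"]
        findings.append((c["vserver"], c["serial"], status, days_left, self_signed))
    return findings
```

Call `audit(parse_certificates(saved_output), datetime.now())` on output captured from each cluster and alert on any row whose status is not `OK`.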

Conclusion:

The commands for regenerating and activating a cluster mode certificate vary from version to version; please check before executing them.
