Manage security certificates on ASA r2 storage systems

Contributors netapp-aherbin

Use digital security certificates to verify the identity of remote servers.

Online Certificate Status Protocol (OCSP) validates the status of digital certificate requests from ONTAP services using SSL and Transport Layer Security (TLS) connections.

Generate a certificate signing request

Generate a certificate signing request (CSR) to create a private key which can be used to generate a public certificate.

Steps
  1. In System Manager, select Cluster > Settings.

  2. Under Security, next to Certificates, select the right-arrow icon; then select + Generate CSR.

  3. Enter the subject common name; then select the country.

  4. If you want to change the CSR defaults, select extended key usage, or add subject alternative names, select More options; then make the desired updates.

  5. Select Generate.

Result

You have generated a CSR which can be used to generate a public certificate.
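
As an added example (not NetApp code), the following shell check can be run on a workstation against the generated CSR before it is sent to a certificate authority, assuming the CSR has been saved to a PEM file. It assumes OpenSSL 1.1.1 or later; the function names, file names and host names are hypothetical, and the sample CSR is constructed inline.

```shell
#!/bin/sh
# Pre-submission check for a CSR saved from System Manager (added example).
# check_csr FILE EXPECTED_CN EXPECTED_COUNTRY -> returns 0 only if all checks pass.
check_csr() {
    csr=$1; want_cn=$2; want_c=$3

    # 1. The CSR must be self-signed by the private key it was generated with.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "FAIL: self-signature does not verify"; return 1; }

    # 2. Subject fields must match the common name and country that were entered.
    #    Assumes the field values themselves contain no commas.
    subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
           sed 's/^subject= *//' | tr ',' '\n')
    cn=$(printf '%s\n' "$subj" | sed -n 's/^CN=//p')
    c=$(printf '%s\n' "$subj" | sed -n 's/^C=//p')
    [ "$cn" = "$want_cn" ] || { echo "FAIL: CN is '$cn'"; return 1; }
    [ "$c" = "$want_c" ] || { echo "FAIL: country is '$c'"; return 1; }

    # 3. The common name should also appear as a DNS subject alternative
    #    name, because TLS clients match host names against SANs.
    openssl req -in "$csr" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$want_cn" || {
        echo "FAIL: '$want_cn' missing from subject alternative names"; return 1; }

    echo "OK: $csr"
}

# Constructed sample input: a throwaway CSR standing in for the one
# System Manager produces (host names are placeholders).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/C=US/CN=cluster1.example.test" \
        -addext "subjectAltName=DNS:cluster1.example.test,DNS:mgmt.example.test" \
        2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/sample.csr"
check_csr "$tmp/sample.csr" cluster1.example.test US
```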

Add a trusted certificate authority

ONTAP provides a default set of trusted root certificates for applications using Transport Layer Security (TLS). You can add additional trusted certificate authorities as needed.

Steps
  1. Select Cluster > Settings.

  2. Under Security, next to Certificates, select the right-arrow icon.

  3. Select Trusted certificate authorities.

  4. Enter or import the certificate details; then select + Add.

Result

You have added a new trusted certificate authority to your ASA r2 system.

Renew or delete a trusted certificate authority

Trusted certificate authorities must be renewed annually. If you do not want to renew an expired certificate, you should delete it.

Steps
  1. Select Cluster > Settings.

  2. Under Security, next to Certificates, select the right-arrow icon.

  3. Select Trusted certificate authorities.

  4. Select the trusted certificate authority that you want to renew or delete.

  5. Renew or delete the certificate authority.

    To renew the certificate authority, do this…
    1. Select the menu icon (three vertical dots); then select Renew.

    2. Enter or import the certificate information; then select Renew.

    To delete the certificate authority, do this…
    1. Select the menu icon (three vertical dots); then select Delete.

    2. Confirm that you want to delete; then select Delete.

Result

You have renewed or deleted an existing trusted certificate authority on your ASA r2 system.

Add a client/server certificate or local certificate authorities

Add a client/server certificate or local certificate authorities to enable secure web services.

Steps
  1. In System Manager, select Cluster > Settings.

  2. Under Security, next to Certificates, select the right-arrow icon.

  3. Select Client/server certificates or Local certificate authorities.

  4. Add the certificate information; then select + Add.

Result

You have added a new client/server certificate or local certificate authority to your ASA r2 system.

Renew or delete a client/server certificate or local certificate authorities

Client/server certificates and local certificate authorities must be renewed annually. If you do not want to renew an expired certificate or local certificate authorities, you should delete them.

Steps
  1. Select Cluster > Settings.

  2. Under Security, next to Certificates, select the right-arrow icon.

  3. Select Client/server certificates or Local certificate authorities.

  4. Select the certificate you want to renew or delete.

  5. Renew or delete the certificate authority.

    To renew the certificate authority, do this…
    1. Select the menu icon (three vertical dots); then select Renew.

    2. Enter or import the certificate information; then select Renew.

    To delete the certificate authority, do this…
    Select the menu icon (three vertical dots); then select Delete.

Result

You have renewed or deleted an existing client/server certificate or local certificate authority on your ASA r2 system.