Manage security certificates on ASA r2 storage systems
Suggest changes
PDFs
Use digital security certificates to verify the identity of remote servers.
Online Certificate Status Protocol (OCSP) validates the status of digital certificate requests from ONTAP services using SSL and Transport Layer Security (TLS) connections.
Generate a certificate signing request
Generate a certificate signing request (CSR) to create a private key which can be used to generate a public certificate.
-
In System Manager, select Cluster > Settings.
-
Under Security, next to Certificates, select
; then select 
. -
Enter the subject common name; then select the country.
-
If you want to change the GSR defaults, select extended key usage, or add subject alternative names, select
; then make the desired updates. -
Select Generate.
You have generated a CSR to which can be used to generate a public certificate.
Add a trusted certificate authority
ONTAP provides a default set of trusted root certificates for applications using Transport Layer Security (TLS). You can add additional trusted certificate authorities as needed.
-
Select Cluster > Settings.
-
Under Security, next to Certificates, select
. -
Select Trusted certificate authorities.
-
Enter or import the certificate details; then select
.
You have added a new trusted certificate authority to your ASA r2 system.
Renew or delete a trusted certificate authority
Trusted certificate authorities must be renewed annually. If you do not want to renew an expired certificate, you should delete it.
-
Select Cluster > Settings.
-
Under Security, next to Certificates, select
. -
Select Trusted certificate authorities.
-
Select the trust certificate authority that you want to renew or delete.
-
Renew or delete the certificate authority.
To renew the certificate authority, do this… To delete the certificate authority, do this… -
Select
; then select Renew. -
Enter or import the certificate information; then select Renew.
-
Select
; then select Delete. -
Confirm that you want to delete; then select Delete.
-
You have renewed or deleted an existing trusted certificate authority on your ASA r2 system.
Add a client/server certificate or local certificate authorities
Add a client/server certificate or local certificate authorities to enable secure web services.
-
In System Manager, select Cluster > Settings.
-
Under Security, next to Certificates, select
. -
Select Client/server certificates or Local certificate authorities.
-
Add the certificate information; then select
.
You have added a new client/server certificate or local authorities to your ASA r2 system.
Renew or delete a client/server certificate or local certificate authorities
Client/server certificates and local certificate authorities must be renewed annually. If you do not want to renew an expired certificate or local certificate authorities, you should delete them.
-
Select Cluster > Settings.
-
Under Security, next to Certificates, select
. -
Select Client/server certificates, or Local certificate authorities.
-
Select the certificate you want to renew or delete.
-
Renew or delete the certificate authority.
To renew the certificate authority, do this… To delete the certificate authority, do this… -
Select
; then select Renew. -
Enter or import the certificate information; then select Renew.
Select
; then select Delete. -
You have renewed or deleted an existing client/server certificate or local certificate authority on your ASA r2 system.