Manage certificates on an AFX storage system
Depending on your environment, you'll need to create and manage digital certificates as part of administering AFX. There are several related tasks you can perform.
Generate a certificate signing request
To get started using a digital certificate, you need to generate a certificate signing request (CSR). A CSR is used to request a signed certificate from a certificate authority (CA). As part of this, ONTAP creates a public/private key pair and includes the public key in the CSR.
- In System Manager, select Cluster and then Settings.
- Under Security and next to Certificates, select
- Select .
- Provide the subject common name and country; optionally provide the organization and organizational unit.
- To change the default values which will define the certificate, select and make the desired updates.
- Select Generate.
You have generated a CSR which can be used to request a public key certificate.
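Before sending the CSR to a CA, it is worth confirming that its subject carries the values you entered. The following is an added example, not NetApp code or part of the original page: it parses the subject of a PEM-encoded PKCS#10 CSR and reports any of the two required fields (common name, country) that are missing. The function names, the host name `afx1.example.com` and the sample CSR (built inline with an empty placeholder key and signature) are assumptions made for illustration.

```python
import base64

# DER-encoded OIDs of the subject fields the CSR form asks for.
OIDS = {bytes.fromhex("550403"): "CN", bytes.fromhex("550406"): "C",
        bytes.fromhex("55040a"): "O", bytes.fromhex("55040b"): "OU"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def csr_subject(pem):
    """Subject attributes of a PEM PKCS#10 CSR (RFC 2986); no signature check."""
    b64 = "".join(l.strip() for l in pem.splitlines() if "-----" not in l)
    der = base64.b64decode(b64)
    _, request, _ = read_tlv(der, 0)     # CertificationRequest
    _, info, _ = read_tlv(request, 0)    # CertificationRequestInfo
    _, _, pos = read_tlv(info, 0)        # version INTEGER
    _, name, _ = read_tlv(info, pos)     # subject Name
    subject, pos = {}, 0
    while pos < len(name):
        _, rdn, pos = read_tlv(name, pos)    # RelativeDistinguishedName (SET)
        _, atv, _ = read_tlv(rdn, 0)         # first AttributeTypeAndValue only
        _, oid, value_pos = read_tlv(atv, 0)
        _, value, _ = read_tlv(atv, value_pos)
        subject[OIDS.get(oid, oid.hex())] = value.decode("utf-8", "replace")
    return subject

def missing_required(subject):
    """Common name and country are required; the other fields are optional."""
    return [field for field in ("CN", "C") if not subject.get(field)]

def enc(tag, *parts):
    """Minimal DER encoder (short-form lengths only) used to build the sample."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def attr(oid_hex, text):
    return enc(0x31, enc(0x30, enc(0x06, bytes.fromhex(oid_hex)), enc(0x13, text.encode())))

# Constructed sample: real CSR layout, but empty placeholder key and signature.
name = enc(0x30, attr("550403", "afx1.example.com"), attr("550406", "US"))
info = enc(0x30, enc(0x02, b"\x00"), name, enc(0x30), enc(0xA0))
body = base64.b64encode(enc(0x30, info, enc(0x30), enc(0x03, b"\x00"))).decode()
SAMPLE_CSR = f"-----BEGIN CERTIFICATE REQUEST-----\n{body}\n-----END CERTIFICATE REQUEST-----"
```

Pass the text of the CSR you generated to `csr_subject()` in place of `SAMPLE_CSR`; an empty list from `missing_required()` means both required fields are present.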
Add a trusted certificate authority
ONTAP provides a default set of trusted root certificates for use with Transport Layer Security (TLS) and other protocols. You can add additional trusted certificate authorities as needed.
- In System Manager, select Cluster and then Settings.
- Under Security and next to Certificates, select .
- Select the tab Trusted certificate authorities and then select .
- Provide the configuration information, including the name, scope, common name, type, and certificate details; you can import the certificate instead by selecting Import.
- Select Add.
You have added a trusted certificate authority to your AFX system.
Renew or delete a trusted certificate authority
Trusted certificate authorities must be renewed annually. If you do not want to renew an expired certificate, you should delete it.
- Select Cluster and then Settings.
- Under Security and next to Certificates, select .
- Select the tab Trusted certificate authorities.
- Select the trusted certificate authority that you want to renew or delete.
- Renew or delete the certificate authority.

  To renew the certificate authority, do this:
  - Select and then select Renew.
  - Enter or import the certificate information and select Renew.

  To delete the certificate authority, do this:
  - Select and then select Delete.
  - Confirm that you want to delete and select Delete.

You have renewed or deleted an existing trusted certificate authority on your AFX system.
Add a client/server certificate or local certificate authority
You can add a client/server certificate or a local certificate authority as part of enabling secure web services.
- In System Manager, select Cluster and then Settings.
- Under Security and next to Certificates, select .
- Select either Client/server certificates or Local certificate authorities as needed.
- Add the certificate information and select Save.
You have added a new client/server certificate or local certificate authority to your AFX system.
Renew or delete a client/server certificate or local certificate authorities
Client/server certificates and local certificate authorities must be renewed annually. If you do not want to renew an expired certificate or local certificate authorities, you should delete them.
- Select Cluster and then Settings.
- Under Security and next to Certificates, select .
- Select either Client/server certificates or Local certificate authorities as needed.
- Select the certificate you want to renew or delete.
- Renew or delete the certificate authority.

  To renew the certificate authority, do this:
  - Select and then select Renew.
  - Enter or import the certificate information and select Renew.

  To delete the certificate authority, do this:
  - Select and then select Delete.

You have renewed or deleted an existing client/server certificate or local certificate authority on your AFX system.