Mutual TLS (certificate-based authentication)
ONTAP versions 9.7 and later support mutual TLS communication. Beginning with ONTAP Tools for VMware and vSphere 9.12, mutual TLS is used for communication with newly added clusters (depending on ONTAP version).
For all previously added storage systems: during an upgrade, all added storage systems are auto-trusted and certificate-based authentication is configured.
As shown in the screenshot below, the Cluster setup page shows the status of mutual TLS (certificate-based authentication) configured for each cluster.
Cluster Add
During the cluster add workflow, if the cluster being added supports mutual TLS (MTLS), MTLS is configured by default. The user does not need to do any configuration for this. The screenshot below shows the screen presented to the user during cluster add.
Cluster Edit
During a cluster edit operation, there are two scenarios:
- If the ONTAP certificate expires, the user must obtain the new certificate and upload it.
- If the OTV certificate expires, the user can regenerate it by selecting the checkbox:
  - Generate a new client certificate for ONTAP.
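One way to spot the two Cluster Edit expiry scenarios before they interrupt the mutual TLS connection, as an added example that is not part of the original page or of NetApp's code: it classifies certificate expiry dates and maps each finding to the action described above. The inventory layout, the `owner` labels, the cluster names and the 30-day warning window are assumptions; `not_after` is the `notAfter` string as printed by `openssl x509 -noout -enddate`.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample inventory (not real clusters). "owner" is a hypothetical
# label: "ontap" = the cluster's certificate, "otv" = the OTV client certificate.
SAMPLE_INVENTORY = [
    {"cluster": "cluster-a", "owner": "ontap", "not_after": "Jan 10 12:00:00 2024 GMT"},
    {"cluster": "cluster-a", "owner": "otv",   "not_after": "Mar  1 00:00:00 2025 GMT"},
    {"cluster": "cluster-b", "owner": "ontap", "not_after": "Dec 31 23:59:59 2026 GMT"},
    {"cluster": "cluster-b", "owner": "otv",   "not_after": "Feb 20 08:30:00 2025 GMT"},
]

# Remediation per certificate owner, as described in the Cluster Edit section.
ACTIONS = {
    "ontap": "obtain the new ONTAP certificate and upload it",
    "otv": "regenerate the client certificate using the checkbox",
}

def classify(inventory, now, warn_days=30):
    """Return (status, days_left, cluster, owner, action) tuples, worst first."""
    findings = []
    for entry in inventory:
        if entry["owner"] not in ACTIONS:
            raise ValueError(f"unknown certificate owner: {entry['owner']!r}")
        # cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" form.
        expiry = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(entry["not_after"]), tz=timezone.utc)
        days_left = (expiry - now).total_seconds() / 86400
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        action = ACTIONS[entry["owner"]] if status != "OK" else "none"
        findings.append((status, int(days_left), entry["cluster"], entry["owner"], action))
    order = {"EXPIRED": 0, "EXPIRING": 1, "OK": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))

if __name__ == "__main__":
    # Fixed reference time so the sample output is reproducible.
    now = datetime(2025, 2, 1, tzinfo=timezone.utc)
    for status, days, cluster, owner, action in classify(SAMPLE_INVENTORY, now):
        print(f"{status:8} {cluster:10} {owner:5} {days:5d}d  action: {action}")
```

In real use, pass `datetime.now(timezone.utc)` as `now` and fill the inventory from the certificates actually installed for each cluster.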