Mutual TLS (Certificate-Based Authentication)

Contributors netapp-bingen

ONTAP versions 9.7 and later support mutual TLS communication. Beginning with ONTAP tools for VMware vSphere 9.12, mutual TLS is used for communication with newly added clusters (depending on ONTAP version).

ONTAP

For all previously added storage systems: during an upgrade, all added storage systems are automatically trusted and certificate-based authentication is configured.

As shown in the screenshot below, the Cluster setup page shows the status of mutual TLS (certificate-based authentication) configured for each cluster.

image2

Cluster Add

During the cluster add workflow, if the cluster being added supports MTLS, MTLS is configured by default. The user does not need to do any configuration for this. The screenshot below shows the screen presented to the user during cluster add.

Add Storage System


Cluster Edit

During a cluster edit operation, there are two scenarios:

  • If the ONTAP certificate expires, the user has to get the new certificate and upload it.

  • If the OTV certificate expires, the user can regenerate it by selecting the checkbox:

    • Generate a new client certificate for ONTAP.

Modify Storage System
