Add a CA certificate to IPsec

10/14/2025

POST /security/ipsec/ca-certificates

Introduced In: 9.10

Add CA certificate to IPsec. The CA certificate should already be installed on the cluster prior to adding them to IPsec. The CA certificate can be installed on the cluster using the /security/certificates endpoint. The svm.uuid or svm.name should not be supplied for certificates that have a scope of cluster.

security ipsec ca-certificate add

Parameters

Name	Type	In	Required	Description
return_records	boolean	query	False	The default is false. If set to true, the records are returned. Default value:

Name

Type

Required

Description

return_records

boolean

query

False

The default is false. If set to true, the records are returned.

Default value:

Request Body

Name	Type	Description
certificate	certificate	IPsec CA certificate UUID
svm	svm	SVM, applies only to SVM-scoped objects.

Name

Type

Description

certificate

IPsec CA certificate UUID

svm

SVM, applies only to SVM-scoped objects.

Example request

{
  "certificate": {
    "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
  },
  "svm": {
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 201, Created

Name	Type	Description
num_records	integer	Number of records
records	array[ipsec_ca_certificate]

Name

Type

Description

num_records

integer

Number of records

records

array[ipsec_ca_certificate]

Example response

{
  "num_records": 1,
  "records": [
    {
      "certificate": {
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "svm": {
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Headers

Name	Description	Type
Location	Useful for tracking the resource location	string

Name

Description

Type

Location

Useful for tracking the resource location

string

Error

Status: Default

ONTAP Error Response Codes

Error Code	Description
66257304	CA certificate is not installed.

Error Code

Description

66257304

CA certificate is not installed.

Also see the table of common errors in the Response body overview section of this documentation.

Definitions

See Definitions

href

Name	Type	Description
href	string

Name

Type

Description

href

string

_links

certificate

IPsec CA certificate UUID

Name	Type	Description
uuid	string	Certificate UUID

Name

Type

Description

uuid

string

Certificate UUID

svm

SVM, applies only to SVM-scoped objects.

Name	Type	Description
name	string	The name of the SVM. This field cannot be specified in a PATCH method.
uuid	string	The unique identifier of the SVM. This field cannot be specified in a PATCH method.

Name

Type

Description

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

ipsec_ca_certificate

Name	Type	Description
certificate	certificate	IPsec CA certificate UUID
svm	svm	SVM, applies only to SVM-scoped objects.

Name

Type

Description

certificate

IPsec CA certificate UUID

svm

SVM, applies only to SVM-scoped objects.

error_arguments

Name	Type	Description
code	string	Argument code
message	string	Message argument

Name

Type

Description

code

string

Argument code

message

string

Message argument

returned_error

Name	Type	Description
arguments	array[error_arguments]	Message arguments
code	string	Error code
message	string	Error message
target	string	The target parameter that caused the error.

Name

Type

Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.

Add a CA certificate to IPsec

Creating your file...

Related ONTAP commands

Parameters

Request Body

Response

Headers

Error

Definitions