Manage certificates
A self-signed certificate is generated for ONTAP tools and VASA Provider by default during deployment. Using the ONTAP tools Manager interface, you can renew the certificate or upgrade it to a custom CA. Custom CA certificates are mandatory in a multi-vCenter deployment.
- The domain name on which the certificate is issued should be mapped to the virtual IP address.
- Run the nslookup check on the domain name to check if the domain is getting resolved to the intended IP address.
- The certificates should be created with the domain name and the load balancer IP address.
A load balancer IP address should map to a fully qualified domain name (FQDN). Certificates should contain the same FQDN mapped to the load balancer IP address in subject or subject alternative names.
You cannot switch from a CA-signed to a self-signed certificate.
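The DNS and certificate-name prerequisites above can be checked before uploading anything. The following is an added example, not NetApp code: it parses the text printed by `openssl x509 -in server.crt -noout -subject -ext subjectAltName`, resolves the FQDN, and reports mismatches. The names `otv.example.com` and `192.0.2.50`, the function names, and the choice to require the load balancer IP in the SAN are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample of what
#   openssl x509 -in server.crt -noout -subject -ext subjectAltName
# prints; the names and the 192.0.2.50 address are placeholders.
SAMPLE_CERT_TEXT = """subject=C = US, O = Example, CN = otv.example.com
X509v3 Subject Alternative Name:
    DNS:otv.example.com, IP Address:192.0.2.50
"""

def cert_names(openssl_text):
    """Return (dns_names, ip_addresses) found in the subject CN and SAN."""
    dns = {n.lower() for n in re.findall(r"DNS:([^,\s]+)", openssl_text)}
    cn = re.search(r"^subject=.*?\bCN\s*=\s*([^,/\n]+)", openssl_text, re.M)
    if cn:
        dns.add(cn.group(1).strip().lower())
    ips = {ipaddress.ip_address(a)
           for a in re.findall(r"IP Address:([0-9A-Fa-f:.]+)", openssl_text)}
    return dns, ips

def system_resolver(fqdn):
    """Addresses the local resolver returns, as nslookup would report them."""
    return {info[4][0] for info in socket.getaddrinfo(fqdn, None)}

def preflight(fqdn, lb_ip, openssl_text, resolver=system_resolver):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    want = ipaddress.ip_address(lb_ip)
    name = fqdn.lower().rstrip(".")
    try:
        resolved = {ipaddress.ip_address(a) for a in resolver(name)}
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        problems.append(f"DNS: {name} does not resolve ({exc})")
    else:
        if resolved != {want}:
            got = ", ".join(sorted(map(str, resolved)))
            problems.append(f"DNS: {name} resolves to {got}, expected only {want}")
    dns, ips = cert_names(openssl_text)
    # Exact comparison only: wildcard entries are not counted as a match.
    if name not in dns:
        problems.append(f"certificate: {name} not in subject CN or SAN DNS names")
    if want not in ips:
        problems.append(f"certificate: {want} not in SAN IP addresses")
    return problems
```

Call `preflight(fqdn, lb_ip, text)` with the real openssl output to use the system resolver; pass a `resolver` callable to test against a specific DNS answer.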
The ONTAP tools tab shows details such as certificate type (self-signed or CA-signed) and domain name. During deployment, a self-signed certificate is generated by default. You can renew the certificate or upgrade the certificate to CA.
- Launch ONTAP tools Manager from a web browser:
  https://<ONTAPtoolsIP>:8443/virtualization/ui/
- Log in with the ONTAP tools for VMware vSphere administrator credentials you provided during deployment.
- Select Certificates > ONTAP tools > Renew to renew the certificates.
  You can renew the certificate if it has expired or is nearing its expiration date. The renew option is available when the certificate type is CA-signed. In the pop-up window, provide the server certificate, private key, root CA, and intermediate certificate details.
  The system will be offline until the certificate is renewed, and you will be logged out of the ONTAP tools Manager interface.
- To upgrade the self-signed certificate to a custom CA certificate, select the Certificates > ONTAP tools > Upgrade to CA option.
- In the pop-up window, upload the server certificate, server certificate private key, root CA certificate, and intermediate certificate files.
- Enter the domain name for which you generated this certificate and upgrade the certificate.
  The system will be offline until the upgrade is complete, and you will be logged out of the ONTAP tools Manager interface.