Enable SSL certificate ONTAP account access

06/10/2025 Contributors

PDFs

You can use the security login create command to enable administrator accounts to access an admin or data SVM with an SSL certificate.

About this task

You must install a CA-signed server digital certificate before the account can access the SVM.

Generating and installing a CA-signed server certificate

You can perform this task before or after you enable account access.
If you are unsure of the access control role you want to assign to the login account, you can add the role later with the security login modify command.

Modifying the role assigned to an administrator

For cluster administrator accounts, certificate authentication is supported with the http, ontapi, and rest applications. For SVM administrator accounts, certificate authentication is supported only with the ontapi and rest applications.

Step

Enable local administrator accounts to access an SVM using an SSL certificate:

security login create -vserver SVM_name -user-or-group-name user_or_group_name -application application -authmethod authentication_method -role role -comment comment

The following command enables the SVM administrator account svmadmin2 with the default vsadmin role to access the SVMengData2 using an SSL digital certificate.
```
cluster1::>security login create -vserver engData2 -user-or-group-name svmadmin2 -application ontapi -authmethod cert
```
Learn more about security login create in the ONTAP command reference.

After you finish

If you have not installed a CA-signed server digital certificate, you must do so before the account can access the SVM.

Generating and installing a CA-signed server certificate

Learn more about the commands described in this procedure in the ONTAP command reference.

Enable SSL certificate ONTAP account access

Creating your file...