Install a CA certificate if you use ONTAP S3
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- Security and data encryption
- Data protection and disaster recovery
Collection of separate PDF docs
Creating your file...
Unless you plan to disable certificate checking for ONTAP S3, you must install a ONTAP S3 CA certificate on the cluster so that ONTAP can authenticate with ONTAP S3 as the object store for FabricPool.
-
Obtain the ONTAP S3 system's CA certificate.
-
Use the
security certificate install
command with the-type
server-ca
parameter to install the ONTAP S3 CA certificate on the cluster.The fully qualified domain name (FQDN) you enter must match the custom common name on the ONTAP S3 CA certificate.
Update an expired certificate
To update an expired certificate, the best practice is to use a trusted CA to generate the new server certificate. In addition, you should ensure that the certificate is updated on the ONTAP S3 server and on the ONTAP cluster at the same time to keep any downtime to a minimum.