Skip to main content

Install a CA certificate on an ONTAP cluster for StorageGRID

Contributors johnlantz netapp-dbagwell netapp-ahibbard netapp-lenida netapp-thomi netapp-aherbin

Using CA certificates creates a trusted relationship between client applications and StorageGRID.

Unless you plan to disable certificate checking for StorageGRID, you must install a StorageGRID CA certificate on the cluster so that ONTAP can authenticate with StorageGRID as the object store for FabricPool.

Although StorageGRID can generate self-signed certificates, using signed certificates from a third-party certificate authority is the recommended best practice.

About this task

Although installation and use of certificate authority (CA) certificates are recommended best practices, beginning in ONTAP 9.4, installation of CA certificates is not required for StorageGRID.

Steps
  1. Contact your StorageGRID administrator to obtain the StorageGRID system's CA certificate.

  2. Use the security certificate install command with the -type server-ca parameter to install the StorageGRID CA certificate on the cluster.

    The fully qualified domain name (FQDN) you enter must match the custom common name on the StorageGRID CA certificate.

Update an expired certificate

To update an expired certificate, the best practice is to use a trusted CA to generate the new server certificate. In addition, you should ensure that the certificate is updated on the StorageGRID server and on the ONTAP cluster at the same time to keep any downtime to a minimum.

Related information

StorageGRID Resources