Install a CA certificate if you use StorageGRID
Suggest changes
PDFs
Using CA certificates creates a trusted relationship between client applications and StorageGRID.
Unless you plan to disable certificate checking for StorageGRID, you must install a StorageGRID CA certificate on the cluster so that ONTAP can authenticate with StorageGRID as the object store for FabricPool.
Although StorageGRID can generate self-signed certificates, using signed certificates from a third-party certificate authority is the recommended best practice.
Although installation and use of certificate authority (CA) certificates are recommended best practices, beginning in ONTAP 9.4, installation of CA certificates is not required for StorageGRID.
-
Contact your StorageGRID administrator to obtain the StorageGRID system's CA certificate.
-
Use the
security certificate installcommand with the-typeserver-caparameter to install the StorageGRID CA certificate on the cluster.The fully qualified domain name (FQDN) you enter must match the custom common name on the StorageGRID CA certificate.
Update an expired certificate
To update an expired certificate, the best practice is to use a trusted CA to generate the new server certificate. In addition, you should ensure that the certificate is updated on the StorageGRID server and on the ONTAP cluster at the same time to keep any downtime to a minimum.