Skip to main content

Create a CA-signed digital certificate

Contributors netapp-aherbin netapp-dbagwell
PDFs

For many organizations, the self-signed digital certificate for ONTAP web access is not compliant with their InfoSec policies. On production systems, it is a NetApp best practice to install a CA-signed digital certificate for use in authenticating the cluster or SVM as an SSL server.

You can use the security certificate generate-csr command to generate a certificate signing request (CSR), and the security certificate install command to install the certificate you receive back from the CA.

Steps

  1. To create a digital certificate that is signed by the organization's CA, do the following:

    1. Generate a CSR.

    2. Follow your organization's procedure to request a digital certificate using the CSR from your organization's CA. For example, using Microsoft Active Directory Certificate Services web interface, go to <CA_server_name>/certsrv and request a certificate.

    3. Install the digital certificate in ONTAP.