Release notes
Create a CA-signed digital certificate
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
For many organizations, the self-signed digital certificate for ONTAP web access is not compliant with their InfoSec policies. On production systems, it is a NetApp best practice to install a CA-signed digital certificate for use in authenticating the cluster or SVM as an SSL server.
You can use the security certificate generate-csr command to generate a certificate signing request (CSR), and the security certificate install command to install the certificate you receive back from the CA.
-
To create a digital certificate that is signed by the organization's CA, do the following:
-
Generate a CSR.
-
Follow your organization's procedure to request a digital certificate using the CSR from your organization's CA. For example, using Microsoft Active Directory Certificate Services web interface, go to
<CA_server_name>/certsrvand request a certificate. -
Install the digital certificate in ONTAP.
-