Release notes
Install the self-signed root CA certificate on the SVM
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
If LDAP authentication with TLS is required when binding to LDAP servers, you must first install the self-signed root CA certificate on the SVM.
All applications within ONTAP that use TLS communications can check digital certificate status using Online Certificate Status Protocol (OCSP). If OCSP is enabled for LDAP over TLS, revoked certificates are rejected and the connection fails.
-
Install the self-signed root CA certificate:
-
Begin the certificate installation:
security certificate install -vserver vserver_name -type server-caThe console output displays the following message:
Please enter Certificate: Press <Enter> when done -
Open the certificate
.pemfile with a text editor, copy the certificate, including the lines beginning with-----BEGIN CERTIFICATE-----and ending with-----END CERTIFICATE-----, and then paste the certificate after the command prompt. -
Verify that the certificate is displayed correctly.
-
Complete the installation by pressing Enter.
-
-
Verify that the certificate is installed:
security certificate show -vserver vserver_name
