Generate a certificate signing request for the cluster in ONTAP
You can use the security certificate generate-csr
command to generate a certificate signing request (CSR). After processing your request, the certificate authority (CA) sends you the signed digital certificate.
You must be a cluster administrator or SVM administrator to perform this task.
-
Generate a CSR:
security certificate generate-csr -common-name FQDN_or_common_name -size 512|1024|1536|2048 -country country -state state -locality locality -organization organization -unit unit -email-addr email_of_contact -hash-function SHA1|SHA256|MD5
Learn more about
security certificate generate-csr
in the ONTAP command reference.The following command creates a CSR with a 2,048-bit private key generated by the SHA256 hashing function for use by the Software group in the IT department of a company whose custom common name is server1.companyname.com, located in Sunnyvale, California, USA. The email address of the SVM contact administrator is web@example.com. The system displays the CSR and the private key in the output.
cluster1::>security certificate generate-csr -common-name server1.companyname.com -size 2048 -country US -state California - locality Sunnyvale -organization IT -unit Software -email-addr web@example.com -hash-function SHA256 Certificate Signing Request : -----BEGIN CERTIFICATE REQUEST----- <certificate_value> -----END CERTIFICATE REQUEST----- Private Key : 24 | Administrator Authentication and RBAC -----BEGIN RSA PRIVATE KEY----- <key_value> -----END RSA PRIVATE KEY----- Note: Please keep a copy of your certificate request and private key for future reference.
-
Copy the certificate request from the CSR output, and then send it in electronic form (such as email) to a trusted third-party CA for signing.
After processing your request, the CA sends you the signed digital certificate. You should keep a copy of the private key and the CA-signed digital certificate.