Install a CA-signed server certificate for the cluster
To enable an SSL server to authenticate the cluster or storage virtual machine (SVM) as an SSL client, you install a digital certificate with the client type on the cluster or SVM. Then you provide the client-ca certificate to the SSL server administrator for installation on the server.
You must have already installed the root certificate of the SSL server on the cluster or SVM with the
server-ca certificate type.
To use a self-signed digital certificate for client authentication, use the
security certificate createcommand with the
To use a CA-signed digital certificate for client authentication, complete the following steps:
Generate a digital certificate signing request (CSR) by using the security certificate
ONTAP displays the CSR output, which includes a certificate request and private key, and reminds you to copy the output to a file for future reference.
Send the certificate request from the CSR output in an electronic form (such as email) to a trusted CA for signing.
You should keep a copy of the private key and the CA-signed certificate for future reference.
After processing your request, the CA sends you the signed digital certificate.
Install the CA-signed certificate by using the
security certificate installcommand with the
Enter the certificate and the private key when you are prompted, and then press Enter.
Enter any additional root or intermediate certificates when you are prompted, and then press Enter.
You install an intermediate certificate on the cluster or SVM if a certificate chain that begins at the trusted root CA, and ends with the SSL certificate issued to you, is missing the intermediate certificates. An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a certificate chain that begins at the trusted root CA, goes through the intermediate certificate, and ends with the SSL certificate issued to you.
client-cacertificate of the cluster or SVM to the administrator of the SSL server for installation on the server.
The security certificate show command with the
-type client-caparameters displays the