Modify the SP API service configuration
The SP API is a secure network API that enables ONTAP to communicate with the SP over the network. You can change the port used by the SP API service, renew the certificates the service uses for internal communication, or disable the service entirely. You need to modify the configuration only in rare situations.
- The SP API service uses port 50000 by default.
  You can change the port value if, for example, you are in a network setting where port 50000 is used for communication by another networking application, or you want to differentiate between traffic from other applications and traffic generated by the SP API service.
- The SSL and SSH certificates used by the SP API service are internal to the cluster and not distributed externally.
  In the unlikely event that the certificates are compromised, you can renew them.
- The SP API service is enabled by default.
  You only need to disable the SP API service in rare situations, such as in a private LAN where the SP is not configured or used and you want to disable the service.
  If the SP API service is disabled, the API does not accept any incoming connections. In addition, functionality such as network-based SP firmware updates and network-based SP “down system” log collection becomes unavailable. The system switches to using the serial interface.
- Switch to the advanced privilege level by using the set -privilege advanced command.
- Modify the SP API service configuration:

  If you want to…: Change the port used by the SP API service
  Use the following command…: system service-processor api-service modify with the -port {49152..65535} parameter

  If you want to…: Renew the SSL and SSH certificates used by the SP API service for internal communication
  Use the following command…:
    - For ONTAP 9.5 or later use system service-processor api-service renew-internal-certificate
    - For ONTAP 9.4 and earlier use system service-processor api-service renew-certificates
      If no parameter is specified, only the host certificates (including the client and server certificates) are renewed.
      If the -renew-all true parameter is specified, both the host certificates and the root CA certificate are renewed.

  If you want to…: Disable or reenable the SP API service
  Use the following command…: system service-processor api-service modify with the -is-enabled {true|false} parameter

- Display the SP API service configuration by using the system service-processor api-service show command.