Release notes
Modify the SP API service configuration
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
The SP API is a secure network API that enables ONTAP to communicate with the SP over the network. You can change the port used by the SP API service, renew the certificates the service uses for internal communication, or disable the service entirely. You need to modify the configuration only in rare situations.
-
The SP API service uses port
50000by default.You can change the port value if, for example, you are in a network setting where port
50000is used for communication by another networking application, or you want to differentiate between traffic from other applications and traffic generated by the SP API service. -
The SSL and SSH certificates used by the SP API service are internal to the cluster and not distributed externally.
In the unlikely event that the certificates are compromised, you can renew them.
-
The SP API service is enabled by default.
You only need to disable the SP API service in rare situations, such as in a private LAN where the SP is not configured or used and you want to disable the service.
If the SP API service is disabled, the API does not accept any incoming connections. In addition, functionality such as network-based SP firmware updates and network-based SP “down system” log collection becomes unavailable. The system switches to using the serial interface.
-
Switch to the advanced privilege level by using the
set -privilege advancedcommand. -
Modify the SP API service configuration:
If you want to… Use the following command… Change the port used by the SP API service
system service-processor api-service modifywith the-port{49152..65535} parameterRenew the SSL and SSH certificates used by the SP API service for internal communication
-
For ONTAP 9.5 or later use
system service-processor api-service renew-internal-certificate -
For ONTAP 9.4 and earlier use
-
system service-processor api-service renew-certificatesIf no parameter is specified, only the host certificates (including the client and server certificates) are renewed.
If the
-renew-all trueparameter is specified, both the host certificates and the root CA certificate are renewed.
comm
Disable or reenable the SP API service
system service-processor api-service modifywith the-is-enabled{true|false} parameter -
-
Display the SP API service configuration by using the
system service-processor api-service showcommand.
