View default certificates for TLS-based applications
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- SAN storage management
- Security and data encryption
-
Data protection and disaster recovery
- Data protection with the CLI
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.2, ONTAP provides a default set of trusted root certificates for ONTAP applications using Transport Layer Security (TLS).
The default certificates are installed only on the admin SVM during its creation, or during an upgrade to ONTAP 9.2.
The current applications that act as a client and require certificate validation are AutoSupport, EMS, LDAP, Audit Logging, FabricPool, and KMIP.
When certificates expire, an EMS message is invoked that requests the user to delete the certificates. The default certificates can only be deleted at the advanced privilege level.
Deleting the default certificates may result in some ONTAP applications not functioning as expected (for example, AutoSupport and Audit Logging). |
-
You can view the default certificates that are installed on the admin SVM by using the security certificate show command:
security certificate show -vserver –type server-ca
fas2552-2n-abc-3::*> security certificate show -vserver fas2552-2n-abc-3 -type server-ca Vserver Serial Number Common Name Type ---------- --------------- -------------------------------------- ------------ fas2552-2n-abc-3 01 AAACertificateServices server-ca Certificate Authority: AAA Certificate Services Expiration Date: Sun Dec 31 18:59:59 2028