Skip to main content

View default certificates for TLS-based applications

Contributors netapp-aherbin netapp-barbe

Beginning with ONTAP 9.2, ONTAP provides a default set of trusted root certificates for ONTAP applications using Transport Layer Security (TLS).

What you'll need

The default certificates are installed only on the admin SVM during its creation, or during an upgrade to ONTAP 9.2.

About this task

The current applications that act as a client and require certificate validation are AutoSupport, EMS, LDAP, Audit Logging, FabricPool, and KMIP.

When certificates expire, an EMS message is invoked that requests the user to delete the certificates. The default certificates can only be deleted at the advanced privilege level.

Note

Deleting the default certificates may result in some ONTAP applications not functioning as expected (for example, AutoSupport and Audit Logging).

Step
  1. You can view the default certificates that are installed on the admin SVM by using the security certificate show command:

    security certificate show -vserver –type server-ca

    cluster1::> security certificate show
    
    Vserver    Serial Number   Certificate Name                          Type
    ---------- --------------- ----------------------------------------- ---------
    vs0        4F4E4D7B         www.example.com                            server
        Certificate Authority:  www.example.com
              Expiration Date: Thu Feb 28 16:08:28 2013