Skip to main content
SnapCenter Software 6.0

Configure CA Certificate for Linux host

Contributors netapp-soumikd
PDFs

After installing the SnapCenter Server on Linux, the installer creates the self-signed certificate. If you want to use the CA certificate, you should configure the certificates for nginx reverse proxy, audit logging, and SnapCenter services.

Configure nginx certificate

Steps

  1. Navigate to /etc/nginx/conf.d: cd /etc/nginx/conf.d

  2. Open snapcenter.conf using vi or any text editor.

  3. Navigate to the server section in the configuration file.

  4. Modify the paths of ssl_certificate and ssl_certificate_key to point to CA certificate.

  5. Save and close the file.

  6. Reload nginx: $nginx -s reload

Configure audit log certificate

Steps

  1. Open INSTALL_DIR/NetApp/snapcenter/SnapManagerWeb/SnapManager.Web.UI.dll.config using vi or any text editor.

    The default value of INSTALL_DIR is /opt.

  2. Edit the AUDILOG_CERTIFICATE_PATH and AUDILOG_CERTIFICATE_PASSWORD keys to include the CA certificate path and password respectively.

    Only .pfx format is supported for audit log certificate.

  3. Save and close the file.

  4. Restart the snapmanagerweb service: $ systemctl restart snapmanagerweb

Configure SnapCenter services certificate

Steps

  1. Open the following configuration files using using vi or any text editor.

    • INSTALL_DIR/NetApp/snapcenter/SnapManagerWeb/SnapManager.Web.UI.dll.config

    • INSTALL_DIR/NetApp/snapcenter/SMCore/SMCoreServiceHost.dll.config

    • INSTALL_DIR/NetApp/snapcenter/Scheduler/Scheduler.Api.dll.config

      The default value of INSTALL_DIR is /opt.

  2. Edit the SERVICE_CERTIFICATE_PATH and SERVICE_CERTIFICATE_PASSWORD keys to include the CA certificate path and password respectively.

    Only .pfx format is supported for SnapCenter services certificate.

  3. Save and close the files.

  4. Restart all the services.

    • $ systemctl restart snapmanagerweb

    • $ systemctl restart smcore

    • $ systemctl restart scheduler