Table of ContentsView in Frames

Installing replacement SSL certificates on the storage system

After you remove the old certificates, you create the new replacement SSL certificates, save them with the proper file name and format, and then install them on the storage system.

Before you begin

You must have removed the old certificates that are about to expire from the storage system.

You must have obtained the replacement public and private certificates for the storage system and the public certificate for the key management server and named them as required. For more information, see the Data ONTAP Software Setup Guide for 7-Mode.

You must have installed the appropriate new certificates on the key management server. For more information, see the documentation for your key management server.

Steps

  1. Copy the certificate files to a temporary location on the storage system.
  2. Install the public certificate of the storage system by entering the following command: keymgr install cert /path/client.pem
  3. Install the private certificate of the storage system by entering the following command: keymgr install cert /path/client_private.pem
  4. Install the public certificate of all key management servers by entering the following command for each key management server: keymgr install cert /path/key_management_server_ipaddress_CA.pem
  5. Add all key management servers by entering the following command for each key management server: key_manager add -key_server key_server_ip_address
  6. Verify connectivity between the storage system and key management servers by entering the following command: key_manager query
    You should see a list of existing key IDs retrieved from the key management servers.