A digital certificate ensures that communications are transmitted in encrypted form and that information is sent privately and unaltered only to the specified server, or only from an authenticated client. You can generate a certificate signing request (CSR) and create, install, sign, display, revoke, or delete a digital certificate for server or client authentication.
A digital certificate, also called a public key certificate, is an electronic document that verifies the owner of a public key. It can be either self-signed (by the owner) or signed by a Certificate Authority (CA). You can provide server or client authentication by using digital certificates in situations where the cluster or Storage Virtual Machine (SVM) acts as an SSL server or client. When you provide both server and client authentication, you have mutual authentication (also called two-way authentication), in which the server and the client each present a certificate to the other so that both identities are validated.
You can manage digital certificates in the following ways (the security certificate command family):
The following behaviors and default settings apply:
The security ssl modify command enables or disables SSL authentication of the cluster or SVM as an SSL server and that of its client. The -server-enabled parameter defaults to true, and the -client-enabled parameter defaults to false. Setting the -client-enabled parameter to true enables mutual authentication of the server (the cluster or SVM) and its client.
When you manage digital certificates, you specify one of the following certificate types (the -type parameter of the security certificate command family) for server or client authentication:
When you create a root-ca certificate, a client-ca certificate and a server-ca certificate are also created automatically. When you delete the root-ca certificate, the corresponding client-ca and server-ca certificates are also deleted automatically.
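The following clustershell session, added here as an illustration and not taken from the product documentation, shows the default one-way setting described above, the automatic creation of the client-ca and server-ca certificates alongside a root-ca, and the switch to mutual authentication. The SVM name vs1 and the common name ca.example.com are assumed values.

```console
cluster1::> security ssl show -vserver vs1
                       Server   Client
Vserver  Serial Number  Enabled  Enabled  Common Name
-------- -------------- -------- -------- ---------------
vs1      ...            true     false    vs1

cluster1::> security certificate create -vserver vs1 -common-name ca.example.com -type root-ca

cluster1::> security certificate show -vserver vs1 -common-name ca.example.com -fields type
vserver  common-name     type
-------- --------------- ---------
vs1      ca.example.com  root-ca
vs1      ca.example.com  client-ca
vs1      ca.example.com  server-ca

cluster1::> security ssl modify -vserver vs1 -server-enabled true -client-enabled true

cluster1::> security ssl show -vserver vs1 -fields server-enabled,client-enabled
vserver  server-enabled  client-enabled
-------- --------------- --------------
vs1      true            true
```

With -client-enabled set to true, a client that cannot present a certificate chaining to an installed client-ca is rejected, so verify that client certificates are installed before changing the setting on an SVM that serves production traffic.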