
Replacing an expired digital certificate

Each certificate that you create or install has an expiration date. When it expires, you must replace it with a new certificate so that the corresponding server or client authentication is not disrupted.

About this task

By default, digital certificates created by Data ONTAP are set to expire in 365 days, but you can specify the expiration setting when you create a digital certificate.

Steps

  1. Display certificate expiration information by using the security certificate show command with the -fields expiration, expire-days parameter.
    You need the following information when you delete an expired certificate:
    • The SVM name
    • The common name used for the certificate
    • Serial number
    • Certificate authority (CA)
    • Certificate type
  2. Delete an expired certificate by using the security certificate delete command.
  3. Obtain a new certificate with the same common name to replace the certificate that has expired:
    If the certificate is this type…   Then follow the steps in…
    server                             Installing a server certificate to authenticate the cluster or SVM as an SSL server
    client-ca                          Installing a client CA or root CA certificate to authenticate an SSL client of the cluster or SVM
    server-ca                          Installing a server CA certificate to authenticate an SSL server to which the cluster or SVM is a client
    client                             Installing a client certificate to authenticate the cluster or SVM as an SSL client