
Installing a server CA certificate to authenticate an SSL server to which the cluster or SVM is a client

Sometimes the cluster or Storage Virtual Machine (SVM) is a client to another SSL server, for example an Active Directory domain controller that supports LDAP over SSL. In this case, you can enable the cluster or SVM to authenticate the SSL server by installing the server's root certificate with the server-ca type on the cluster or SVM.

Before you begin

You must have the root certificate of the SSL server. The root certificate can be self-signed by the server or signed by a third-party CA for the server.

Steps

  1. Install the root certificate provided by the SSL server by using the security certificate install command with the -type server-ca parameter.
  2. When you are prompted, enter the certificate, and then press Enter.
    Data ONTAP reminds you to keep a copy of the certificate for future reference.

Example of installing a server CA certificate of an SSL server

The following example installs an SSL server's CA certificate with the server-ca type. The certificate is used for server authentication and is installed on the "vs1" SVM, which serves as a client to the server:

cluster1::> security certificate install -vserver vs1 -type server-ca
 
Please enter Certificate: Press <Enter> when done
-----BEGIN CERTIFICATE-----
MIIDNjCCAp+gAwIBAgIQNhIilsXjOKUgodJfTNcJVDANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
...
-----END CERTIFICATE-----

You should keep a copy of the CA-signed digital certificate for 
future reference.
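
A pre-install check for the certificate text that will be pasted at the prompt, as an added example (not NetApp code and not part of the original page): it rejects a paste that is elided or cut off, and compares the SHA-256 fingerprint with one obtained out of band from the SSL server's administrator. The function names, the constructed sample data and the out-of-band fingerprint step are assumptions.

```python
import base64, binascii, hashlib, hmac, re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def pem_to_der(text):
    """Return the DER bytes of the single certificate in text, else ValueError."""
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected one CERTIFICATE block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from None
    # A certificate is one DER SEQUENCE (tag 0x30) whose encoded length must
    # account for every byte; a cut-off paste fails this check.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:
        total = 2 + der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        total = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if total != len(der):
        raise ValueError(f"DER length says {total} bytes, got {len(der)}")
    return der

def sha256_fingerprint(text):
    """SHA-256 of the DER encoding, as lowercase hex."""
    return hashlib.sha256(pem_to_der(text)).hexdigest()

def matches_expected(text, expected):
    """Compare with a fingerprint obtained out of band (colons, case ignored)."""
    want = expected.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(sha256_fingerprint(text), want)

# Constructed sample: a DER SEQUENCE header plus filler, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
# The same text with body lines elided as "...", the way documentation shows it.
lines = SAMPLE_PEM.splitlines()
ELIDED_PEM = "\n".join(lines[:3] + ["..."] + lines[-1:])

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_PEM))
```

The length check covers only the outer DER structure; it does not validate the certificate's fields or signature.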