Sometimes the cluster or Storage Virtual Machine (SVM) is a client to another SSL server (which, for example, can be an Active Directory domain controller that supports LDAP over SSL). In this case, you can enable the cluster or SVM to authenticate the SSL server by installing the server's root certificate with the server-ca type on the cluster or SVM.
You must have the root certificate of the SSL server. The root certificate can be self signed by the server or signed by a third-party CA for the server.
The following example installs an SSL server's CA certificate with the server-ca type. The certificate is used for server authentication and is installed on the "vs1" SVM, which serves as a client to the server:
cluster1::> security certificate install -vserver vs1 -type server-ca Please enter Certificate: Press <Enter> when done -----BEGIN CERTIFICATE----- MIIDNjCCAp+gAwIBAgIQNhIilsXjOKUgodJfTNcJVDANBgkqhkiG9w0BAQUFADCB zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE ... -----END CERTIFICATE----- You should keep a copy of the CA-signed digital certificate for future reference.