Thanks for answering. Your steps would work for self-signed certificates, but those expiring in my case are the CAs from other organisations, installed from NetApp.
Currently I have 3 of them expiring in the near future:
L1Q::> security certificate show -type server-ca -expiration <"Thu Jul 11 01:59:00 2019"
Vserver    Serial Number   Common Name                            Type
---------- --------------- -------------------------------------- ------------
L1Q        85BD4BF3D8DAE369F694D75FC3A54423 Class2PrimaryCA       server-ca
    Certificate Authority: Class 2 Primary CA
          Expiration Date: Sun Jul 07 01:59:59 2019
L1Q        26              DeutscheTelekomRootCA2                 server-ca
    Certificate Authority: Deutsche Telekom Root CA 2
          Expiration Date: Wed Jul 10 01:59:00 2019
L1Q        44BE0C8B500024B411D3362AFE650AFD UTN-USERFirst-Hardware server-ca
    Certificate Authority: UTN-USERFirst-Hardware
          Expiration Date: Tue Jul 09 20:19:22 2019
3 entries were displayed.
As far as I see, those certs are used when my NetApp tries to connect itself to SSL-enabled services with certs signed by those CAs. Maybe I should only delete them to get rid of those messages in my event log.
Yours, Josef (no Charles Heese here, sorry :))
On Wed, 12 Jun 2019, Douglas Siggins wrote:
Pretty sure we do something like this:
security ssl show
security certificate show -vserver vserver_name -common-name common_name -instance
security certificate delete -vserver vserver_name -common-name common_name -ca common_name -type server -serial serial_number
security certificate create -vserver vserver_name -type server -size 2048 -expire-days (days here) -common-name common_name -hash-function SHA256 -country US -protocol SSL
security ssl show
security certificate show -vserver vserver_name -common-name common_name -instance
ssl modify -vserver vserver_name -server-enabled true -client-enabled false -common-name common_name -ca common_name -serial serial_number
security certificate show
security ssl show
On Wed, Jun 12, 2019 at 9:58 AM jordan slingerland jordan.slingerland@gmail.com wrote:
I was hoping to see this email signed Charles Heese or something. That would have made my morning.
On Wed, Jun 12, 2019, 9:52 AM cheese@nosuchhost.net wrote:
Hi,
I have several systems with ONTAP 9.3P10 and have messages like:
6/12/2019 00:00:01 L1Q-A1 ERROR mgmtgwd.certificate.expiring: A digital certificate with Fully Qualified Domain Name (FQDN) Class2PrimaryCA, Serial Number 85BD4BF3D8DAE369F694D75FC3A54423, Certificate Authority 'Class 2 Primary CA' and type server-ca for Vserver L1Q will expire in the next 25 day(s).
What should I do here? My NetApp partner told me to renew them via deleting them and creating new certs. I should create a new server-ca, which is not even an option in ONTAP (even with advanced privileges)? I think this must be wrong. I hope others have the same problem and a solution.
Yours, Josef
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
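Added example, not part of the original thread and not NetApp code: a small Python triage of mgmtgwd.certificate.expiring EMS lines that separates server-ca entries (third-party roots, as in Josef's case) from server certificates (the self-signed case Douglas's steps cover). The function names are hypothetical, and every sample line except the first (taken from the thread) is constructed.

```python
import re
from collections import defaultdict

# Field layout follows the mgmtgwd.certificate.expiring message quoted in the thread.
EMS_RE = re.compile(
    r"(?P<node>\S+)\s+ERROR\s+mgmtgwd\.certificate\.expiring:.*?"
    r"\(FQDN\)\s+(?P<common_name>[^,]+),\s+Serial Number\s+(?P<serial>[0-9A-Fa-f]+),\s+"
    r"Certificate Authority\s+'(?P<ca>[^']+)'\s+and type\s+(?P<type>[\w-]+)\s+"
    r"for Vserver\s+(?P<vserver>\S+)\s+will expire in the next\s+(?P<days>\d+)\s+day"
)

def parse_expiring(line):
    """Return the certificate fields of one EMS line, or None if it is another event."""
    m = EMS_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["days"] = int(rec["days"])
    return rec

def triage(lines):
    """Group expiring certificates by type, keeping the most urgent report per cert."""
    latest = {}
    for line in lines:
        rec = parse_expiring(line)
        if rec is None:
            continue
        key = (rec["vserver"], rec["type"], rec["serial"])
        if key not in latest or rec["days"] < latest[key]["days"]:
            latest[key] = rec
    by_type = defaultdict(list)
    for rec in sorted(latest.values(), key=lambda r: r["days"]):
        by_type[rec["type"]].append(rec)
    return dict(by_type)

FMT = ("{ts} L1Q-A1 ERROR mgmtgwd.certificate.expiring: A digital certificate with Fully "
       "Qualified Domain Name (FQDN) {cn}, Serial Number {sn}, Certificate Authority "
       "'{ca}' and type {typ} for Vserver {vs} will expire in the next {d} day(s).")
SAMPLE_LOG = [
    # First entry reproduces the message from the thread; the rest are constructed.
    FMT.format(ts="6/12/2019 00:00:01", cn="Class2PrimaryCA", ca="Class 2 Primary CA",
               sn="85BD4BF3D8DAE369F694D75FC3A54423", typ="server-ca", vs="L1Q", d=25),
    FMT.format(ts="6/13/2019 00:00:01", cn="Class2PrimaryCA", ca="Class 2 Primary CA",
               sn="85BD4BF3D8DAE369F694D75FC3A54423", typ="server-ca", vs="L1Q", d=24),
    FMT.format(ts="6/13/2019 00:00:01", cn="svm1.example.test", ca="svm1.example.test",
               sn="5CFF0A11", typ="server", vs="svm1", d=12),
    "6/13/2019 00:05:00 L1Q-A1 INFO constructed.other.event: unrelated line",
]

if __name__ == "__main__":
    for cert_type, certs in triage(SAMPLE_LOG).items():
        for c in certs:
            print(f"{cert_type:10} {c['vserver']:6} {c['common_name']:20} {c['days']:3}d  {c['serial']}")
```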