Pretty sure we do something like this:
  1. security ssl show
  2. security certificate show -vserver vserver_name -common-name common_name -instance
  3. security certificate delete -vserver vserver_name -common-name common_name -ca common_name -type server -serial serial_number
  4. security certificate create -vserver vserver_name -type server -size 2048 -expire-days (days here) -common-name common_name -hash-function SHA256 -country US -protocol SSL
  5. security ssl show
  6. security certificate show -vserver vserver_name -common-name common_name -instance
  7. security ssl modify -vserver vserver_name -server-enabled true -client-enabled false -common-name common_name -ca common_name -serial serial_number
  8. security certificate show
  9. security ssl show


On Wed, Jun 12, 2019 at 9:58 AM jordan slingerland <jordan.slingerland@gmail.com> wrote:
I was hoping to see this email signed Charles Heese or something.  That would have made my morning. 

On Wed, Jun 12, 2019, 9:52 AM <cheese@nosuchhost.net> wrote:
hi

i have several systems with ontap 9.3P10 and have messages like:
6/12/2019 00:00:01  L1Q-A1           ERROR
mgmtgwd.certificate.expiring: A digital certificate with Fully Qualified
Domain Name (FQDN) Class2PrimaryCA, Serial Number 85BD4BF3D8DAE369F694D75FC3A54423, Certificate Authority 'Class 2 Primary CA' and type server-ca for Vserver L1Q will expire in the next 25 day(s).

what should i do here? my netapp partner told me to renew them via
deleting them and creating new certs.

i should create a new server-ca, which is not even an option in ontap
(even with advanced privileges) ?
i think this must be wrong.

i hope others have the same problem and a solution.

yours
josef
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
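
For triaging these alerts across several systems, the following is an added example (not part of the thread and not NetApp code) that parses the `mgmtgwd.certificate.expiring` event quoted above and prints the matching `security certificate show` call from the steps at the top. The regular expression is derived only from the single message in this thread, and the function and field names are hypothetical.

```python
import re

# Constructed sample: the EMS event quoted in the thread, line-wrapped as mailed.
SAMPLE = """6/12/2019 00:00:01  L1Q-A1           ERROR
mgmtgwd.certificate.expiring: A digital certificate with Fully Qualified
Domain Name (FQDN) Class2PrimaryCA, Serial Number 85BD4BF3D8DAE369F694D75FC3A54423, Certificate Authority 'Class 2 Primary CA' and type server-ca for Vserver L1Q will expire in the next 25 day(s).
"""

# Assumption: other events use the same wording as the one message in the thread.
EVENT = re.compile(
    r"mgmtgwd\.certificate\.expiring: A digital certificate with Fully Qualified "
    r"Domain Name \(FQDN\) (?P<common_name>\S+), Serial Number (?P<serial>[0-9A-Fa-f]+), "
    r"Certificate Authority '(?P<ca>[^']*)' and type (?P<type>[\w-]+) "
    r"for Vserver (?P<vserver>\S+) will expire in the next (?P<days>\d+) day"
)

def parse_expiring(log_text):
    """Return one dict per expiring-certificate event, soonest expiry first."""
    flat = " ".join(log_text.split())  # undo mail line wrapping and column padding
    events = []
    for m in EVENT.finditer(flat):
        ev = m.groupdict()
        ev["days"] = int(ev["days"])
        events.append(ev)
    return sorted(events, key=lambda e: e["days"])

def show_command(ev):
    """Build the 'security certificate show' call (step 2 above) for one event."""
    return ("security certificate show -vserver {vserver} "
            "-common-name {common_name} -instance").format(**ev)

def report(log_text):
    """One summary line plus one inspection command per event."""
    lines = []
    for ev in parse_expiring(log_text):
        # The type is printed because the steps above use '-type server',
        # while the event in the thread reports type 'server-ca'.
        lines.append("{vserver}: {common_name} (type {type}, serial {serial}) "
                     "expires in {days} day(s)".format(**ev))
        lines.append("  inspect with: " + show_command(ev))
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```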