#New signed certificate install using na_ontap_command

Hello, I’m trying to automate the new certificate install process and for that we have deleted the old certa which shuts down the https connection which in turn can’t use na_ontap_security_certificate module. Is there an example you can share on how to install the new certificates using na_ontap_command.py module?

can you try enable http and use na_ontap_security_certificate module

To enable http on the cluster you must run the following commands
set -privilege advanced system services web modify -http-enabled true

We can enable http but firewall port 80 is blocked from Ansible servers in our environment and there is no way our security team will unblock it.

https uses 443 port not 80

this enables https

Ohh ok..will try. Sorry, I thought to enable http port 80..

no problem

I am seeing HTTP enabled is set to true even after deleting the certs but still getting below error.

“msg": "na_ontap_security_certificates only supports REST, and requires ONTAP 9.6 or later. -(‘Connection aborted.’, OSError(0, ‘Error’))”

whats the ONTAP version?

try zapi
use_rest: never if ONTAP version < 9.6

9.10

can you try with use_rest: never ?

Ok

Finally able to get the workaround process working to install the new certs and then delete the old certs from the cluster. Thanks @tardy frigate for all the help.

Would you mind sharing? I would like to see that process.