How to install a Certificate Authority (CA) signed certificate using ONTAP CLI | NetApp | Page 1

karmic lichen Jul 12, 2023, 5:35 AM

#

I have Generated a Certificate Signing Request (CSR) and sent to our security team .They validated Certificate Authority (CA)
They provided me zip file like .p7b and .cer file

But i am unable to install. Providing the " Certificate Signing Request and private key " in CLI.
Please can any one guide me
NetApp device : FAS2620
Version : 9.8P19

I have followed below steps.

https://kb.netapp.com/onprem/ontap/dm/System_Manager/How_to_install_a_Certificate_Authority_CA_signed_certificate_using_ONTAP_CLI

NetApp Knowledge Base

How to install a Certificate Authority (CA) signed certificate usin...

This article describes the process to create a CA signed SSL certificate via CLI. By default, the ONTAP cluster SVM uses a self-signed certificate for HTTPS connectivity, which is not …

#

@strong depot please could you suggest me.

next minnow Jul 12, 2023, 6:14 AM

#

Are you getting an error message when you follow the documented steps?

#

Or are the steps completing succesfully but you're not seeing the certifiacte correctly installed?

strong depot Jul 12, 2023, 8:00 AM

#

karmic lichen <@189749672921792512> please could you suggest me.

yes, these should be the correct steps

karmic lichen Jul 12, 2023, 8:19 AM

#

Step 1 : Disable the SSL
Step2: security certificate install -vserver vservername -type server

1st pasted certificate signing Request.

2nd pasted private key
Then entered

Error: command failed:Failed to read the certificate due to incorrect formatting.

I have not touched to .p7b file and .cer file

hot timber Jul 12, 2023, 8:43 AM

#

that's my procedure .....

1.) generate:
security certificate generate-csr -common-name <HOSTNAME> -size 2048 -dns-name <HOSTNAME>

2.) request a .cer file.

3.) install:
security certificate install -vserver <CLUSTER> -type server

3.1) paste certificate with BEGIN & END
3.2) paste private key with BEGIN & END

4.) show:
certificate show -type server -vserver <CLUSTER> -serial <NEW SERIAL>

5.) SSL:
security ssl modify -server-enabled true -serial <NEW SERIAL> -vserver <CLUSTER> -common-name <HOSTNAME> -ca <YOUR CA>

strong depot Jul 12, 2023, 9:18 PM

#

Error: command failed:Failed to read the certificate due to incorrect formatting.
something in your certificate is incorrect. This is how it should look like

#

#

this page gives the commands and some examples: https://docs.netapp.com/us-en/ontap-cli-9131//security-certificate-install.html#examples

security certificate install

Install a Digital Certificate

karmic lichen Jul 13, 2023, 8:06 AM

#

I have generated csr with above command
Two Keys were like 1.certificate signing Request
2.private key

The CSR key was given to our security team and they gave me .cer zip file.

Now here my doubt is

should I extract that zip file
2.Here you pasted two keys ( which keys I should paste here)

This is the first time I am doing.

#

I also created
Security certificate create - vserver xxx -common-name xxx -size 2048 -type server -expire-days 365 -hash-function SHA256

#

Here the public key is generated

#How to install a Certificate Authority (CA) signed certificate using ONTAP CLI