#replacing certificates

ashen wadi
#

We are trying to replace certificates using Ansible. We are successful at installing the new certificate. After this the certificate is not being used by the cluster. We need to activate the certificate by running an ssl modify. We need to run the following command:

ssl modify -vserver {{ hostname_short }} -serial {{ hex_serial | upper }} -ca "my company"

Is there a way we can make the cluster actually use the newly installed certificate? We would like to get rid of the 'ssl modify' command.

We use ONTAP 9.7

edgy totem
#

@ashen wadi with that said, you can use the Zapit module to do this.

We have an example playbook in our examples that shows how to install the SSL certificate. The last play (line 197) would be what you're looking for.

https://github.com/ansible-collections/netapp.ontap/blob/main/playbooks/examples/na_ontap_pb_install_SSL_certificate.yml

wispy berry
#

The /cluster API allows you to modify the cluster management certificate. This was introduced in 9.6. So if you are talking about the cluster and not SVM-specific SSL config, this is what I use to activate it:

```yaml
- name: Change web server configuration to use new certificate
  na_ontap_restit:
    <<: *login
    api: cluster
    method: PATCH
    body:
      certificate:
        uuid: "{{ installed.response.records[0].uuid }}"
```

You need to know the UUID that was given to the certificate during the installation step.