# How to call API without using password


blissful aurora
#

We are using many APIs, and we want to use the certification method instead of using a password, since the password for the admin account will change regularly.

I have found this KB:
https://kb.netapp.com/on-prem/ontap/DM/REST-API/REST_API_KBs/How_to_configure_SSL_certificate-based_authentication_for_REST_API_in_ONTAP

When testing with the following command:
curl -ik --cert ./mycert.crt --key mykey.key https://cluster_mgmt_ip/api/cluster?fields=version
I got the following error:
curl: (56) OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0

topaz tundra
#

I just tested this by doing what the KB says, step by step, and it worked fine.
Are you trying to connect to the cluster or to a single SVM? One of the commands in that KB is missing the -vserver ... parameter

#

please show the output of certificate show -vserver <your-vserver-name> -type root-ca and security login show -vserver <your-vserver-name> -user-or-group-name <your-username> (for the SVM and user that you are trying to configure for certificate based access)

blissful aurora
#

@topaz tundra To the cluster.

Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
a150       XXXXXXXX
                           MyCompany_XXXXXXXX_MyCompany           root-ca
    Certificate Authority: MyCompany
          Expiration Date: Thu Apr 09 15:34:33 2026

Vserver: a150
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
cert_api       http        cert          admin            -      none
cert_api       ontapi      cert          admin            -      none
2 entries were displayed.

topaz tundra
#

okay, can you show the issuer and subject of your certificate on the client (e.g. openssl x509 -noout -text -in <certificate-file-name.crt> | egrep "Issuer:|Subject:" in Linux)? Issuer should be MyCompany and Subject should be CN=cert_api

blissful aurora
#

Issuer: CN = MyCompany, C = US
Subject: CN = cert_api

topaz tundra
#

hm. strange. somehow ONTAP thinks that your certificate is not correct. what ONTAP version is this?

blissful aurora
#

9.16.1
KB is missing the -vserver ... parameter
Does this affect it?