Netapp C-Mode Certificate Renewal


In this tutorial I will show you how to renewal a Netapp vserver certificate via the command line.

Netapp Vserver Certificate Renewal

Firstly we want to have a look at the certificate that is attached to our vserver called SVM1

::> security certificate show -vserver SVM1 -fields expiration,common-name,ca,serial


At the time of this post we can see that the certificate expiry date is well into the future. We will be deleting this certificate and re-creating a new one for this tutorial.

We are going to want to take note of the serial number on the certificate that we wish to delete. In the example above we can see that the serial number is 532655944DCB0

To delete the certificate we will type:

::> security certificate delete -vserver SVM1 -common-name SVM1 -ca SVM1 -type server -serial 532655944DCB0

You will be presented with asking for confirmation in deleting the certificate.


Once you have deleted the certificate we can recreate a new certificate by typing in the following command:

::> security certificate create -vserver SVM1 -common-name SVM1 -size 2048 -type server -country AU -expiry-days 1825 -hash function SHA256

Change the following command line options to suite your certificate, -common-name, -country, -expiry-days

Now that the new certificate has been created, you can type the following command to view its information:

::> security certificate show -vserver SVM1 -fields expiration,common-name,ca,serial


We can see in the screen shot above that the expiry date is now 2021

Netapp Vserver Certificate Check

Lastly we will associate this new certificate with our SVM. To do that we type in:

::> ssl modify -vserver SVM1 -server-enabled true

The next command will verify the ssl certificate on the vserver

::> ssl show -vserver SVM1