Skip to main content

Generating and installing a CA-signed server certificate

On production systems, it is a best practice to install a CA-signed digital certificate for use in authenticating the cluster or SVM as an SSL server. You can use the security certificate generate-csr command to generate a certificate signing request (CSR), and the security certificate install command to install the certificate you receive back from the certificate authority.

  • Generating a certificate signing request
    You can use the security certificate generate-csr command to generate a certificate signing request (CSR). After processing your request, the certificate authority (CA) sends you the signed digital certificate.
  • Installing a CA-signed server certificate
    You can use the security certificate install command to install a CA-signed server certificate on an SVM . ONTAP prompts you for the certificate authority (CA) root and intermediate certificates that form the certificate chain of the server certificate.
Related tasks