Problem:
How do I renew the SSL certificate used by a NetApp FAS or AFF Series?
Solution:
Run commands to set privileged mode and get the current security certificate information:
set -privilege advanced
security certificate show
Once you have identified the certificate that is expiring from the above, run the below command:
security certificate show -instance -vserver san -cert-name san_13DHDHSH233DJKDKD or security certificate show -instance -vserver san -common-name san
Delete the old certificate:
security certificate delete -common-name san -ca san -type server -vserver san -serial 13DHDHSH233DJKDKD
Check SSL status:
ssl show
Create the new certificate:
security certificate create -vserver san -common-name san -size 2048 -type server -country UK -expire-days 3650 -hash-function SHA256
Check the certificate:
security certificate show -instance -vserver san -common-name san
SSL will still show disabled:
ssl show
Enable SSL:
ssl modify -vserver san -server-enabled true
Check status again:
SSL will still show disabled:
ssl show
See the NetApp article for more details