How to Install a Enterprise/Public CA SSL Certificate on a Clustered NetApp Web UI

-

Installing a valid SSL certificate on a Clustered NetApp is a relatively straightforward task once you understand the commands. The key takeaway pointers are to already have your certificate and the complete certificate chain available. Quite often you may not have the RootCA certificate and will need to obtain that prior to installing your certificate on the NetApp.

How it works:

The basics of what commands are needed on the NetApp Cluster are as follows:
  • set -privilege advanced
  • security certificate show
    • Copy $VServer_Name name and $SerialNumber
  • security certificate delete -vserver $VServer_Name -common-name $VServer_Name -ca $VServer_Name -type server -serial $SerialNumber
    • To just remove all SSL certificates for a Vserver: security certificate delete -vserver $VServer_Name 
  • security certificate install -type server
    • Paste contents of F.Q.D.N.cer
    • Paste contents of F.Q.D.N.key
    • Paste contents of CA-Intermediate.cer
    • Paste contents of CA-Root.cer
  • security certificate show
    • Copy $VServer_Name name, $SerialNumber, and $CA_Name
  • security ssl modify -vserver $VServer_Name -server-enabled true -serial $Serial_number -ca "$CA_Name"
  • security ssl show
  • set -privilege admin

What else?

I have also largely automated creating the script for the above process, you can see my blog post about Automating Enterprise/Public CA SSL Certificate Installation for Clustered NetApp.


Below is a transcript you can follow from start to finish:

Comments

Post a Comment

Popular posts from this blog

Sierra Wireless LTE Modem Guide: Automated Flashing of the EM7455/MC7455 with a Ubuntu Linux 18.04 LiveCD

-
Image
I've written a bash script to automate the entire process of setting up any of the EM/MC74XX series modems (Generic, Dell, Lenovo). This assumes you have the Sierra card inserted into a USB enclosure. This post is part of my Sierra Wireless LTE Modem Guide Series . If you prefer to skip the blog nature of these guides and just grab the bare features and commands, my  GitHub repository  will serve as the authoritative source for this entire series. Any changes or updates will occur there first. From the script description: - Only for use on Ubuntu 18.04 LTS LiveUSB - All Needed Packages will Auto-Install - Sets MBIM Mode with AT Commands Access - Changes all models of EM74XX/MC74XX Modems to the Generic Sierra Wireless VID/PID - Clears Band Restrictions and Places Modem in LTE only mode. - Flashes the Current Generic Firmware as of 2018-07-18 Link to script: https://github.com/danielewood/sierra-wireless-modems/blob/master/autoflash-7455.sh If you are feeling bra
Read more

Installing OpenWRT/ROOter on a RBM33G/RBM11G

-
Image
Installing OpenWRT/ROOter on a RBM33G/RBM11G Download the latest ROOter for the RBM33G Putty portable tftpd64 portable Extract all of the above to:  C:\Users\Public\Downloads Setup Network Interface connected to RBM33G/RMB11G POE port: IP: 192.168.1.2 Mask: 255.255.255.0 Gateway: 192.168.1.1 DNS1: 192.168.1.1 Disable Windows Firewall From an administrator command prompt: NetSh Advfirewall set allprofiles state off Configure and start tftpd32/64 Option 1: Overwrite tftpd32.ini with  this one  and start tftpd64. Change the BootFile name if needed. Option 2: Use screenshots for the settings, restart tftpd64 after you make your changes Open Putty to the COM port of your USB to Serial Adapter with a baud rate of 115200 Plug in/powercycle your router, press any key within 2 seconds to enter setup. Boot from the network by pressing the following key sequence: o - boot options e - ethernet o - boot options b - boot
Read more

Resetting and Upgrading the APC AP9606 NMC

-
The APC AP9606 is a very old NMC for the Smart-UPS line. They go for under $10 each on ebay and are great for use on an isolated VLAN for SNMP alerts and actions. Their network interface is only 10BaseT, but that is a non-issue for the purpose they serve and they work without issue on most gigabit switches. General Notes The default username/password is apc/apc. The AP9606 does not support DHCP, it supports only Static IP addresses or BOOTP. Setting the time on the AP9606 is broken on both the WebUI and on Telnet. If you discover how to successfully set a date and time, I will accept pull requests to this document. Unauthenticated SMTP Mail alerts work with GSuite SMTP Relay, as long as you have whitelisted your WAN IP. Discover/Reset IP Address Connect to the same layer 2 network as a PC. Use Wireshark and filter for:  eth.src[0:3]==00:c0:b7 Reset the AP9606 (hold reset button for 2-3 seconds) After about 30 seconds, you will see the AP9606 doing ARP lookups.
Read more