Install Wildcard Certificate on NetApp Controller

Many companies buy wildcard certificates for many reasons: price, management, flexibility, etc.

The following guide shows how to install a wildcard certificate from DigiCert on your NetApp controllers.

You will need the following 3 files in PEM format: DigiCertCA.pem // This is the Certificate Authority, in this case from DigiCert wildcard_example_com.pem // This is the wildcard certificate wildcard_example_com_key.pem // This is the private key

1) Stop SSL on the NetApp controller filer> secureadmin disable ssl

Now From a Linux/Unix system:

2) mount the NetApp’s vol0 LinuxStation# mkdir /mnt/filer LinuxStation# mount filer.example.com:/vol/vol0 /mnt/filer

3) Go to the keymgr folder and backup the current certificate and key.

# Backup Certificate LinuxStation# cd /mnt/filer/etc/keymgr/cert/ LinuxStation:/mnt/filer/etc/keymgr/cert/# mv secureadmin.pem secureadmin.pem.bak

# Backup Key LinuxStation# cd /mnt/filer/etc/keymgr/key/ LinuxStation:/mnt/filer/etc/keymgr/key/# mv secureadmin.pem secureadmin.pem.bak

4) Create the new files based on the wildcard certificate files, assuming you placed them on /opt/certificates

# Create Certificate LinuxStation# cd /opt/certificates/ LinuxStation:/opt/certificates/# cat wildcard_example_com.pem DigiCertCA.pem > secureadmin_cert.pem LinusStation# mv /opt/certificates/secureadmin_cert.pem /mnt/filer/etc/keymgr/cert/secureadmin.pem

# Create Key LinuxStation# cd /opt/certificates/ LinuxStation:/opt/certificates/# cat wildcard_example_com_key.pem > secureadmin_key.pem LinusStation# mv /opt/certificates/secureadmin_key.pem /mnt/filer/etc/keymgr/key/secureadmin.pem

5) On the NetApp controller, add the new cert: filer> secureadmin addcert ssl /etc/keymgr/cert/secureadmin.pem

6) Enable SSL filer> secureadmin enable ssl