Hello,
we want to import a new Certificate Authority (CA)-signed certificate into our FAS2552 (ONTAP 9.8).
After installing it with "security certificate install -vserver NAME -type -server-ca" and so on, everything looked fine.
Checking the certificate looked like this:
FAS25521::> security certificate show -cert-name FAS2552n.xxxxxx.de
Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
FAS2552x   6D00015BC54A82ECA7B2ECE64C0002nnnnnnnn
                           FAS2552n.xxxxxx.de                     server-ca
    Certificate Authority: xxxxxxxxxx Systemhaus Enterprise CA nn
          Expiration Date: Fri Dec 09 11:49:53 2022
FAS25521::>
But when we try to modify the SSL security configuration for the cluster SVM to use the new certificate, we get an error:
FAS2552x::> security ssl modify -vserver FAS2552n -serial 6D00015BC54A82ECA7B2ECE64C0002nnnnnnnn -ca "xxxxxxxxxx Systemhaus Enterprise CA nn" -server-enabled true
Error: command failed: Certificate with CA: "xxxxxxxxxx Systemhaus Enterprise CA nn" and Serial-number: "6D00015BC54A82ECA7B2ECE64C0002nnnnnnnn" does not exist.
FAS2552x::>
Although the CA and serial number are correct, a certificate with this information allegedly does not exist.
But also, when I display the certificate via the serial number, I get the following:
FAS25521::> security certificate show -serial 6D00015BC54A82ECA7B2ECE64C0002nnnnnn -fields serial, ca
vserver  common-name         serial                                 ca                                       type      subtype cert-name
-------- ------------------- -------------------------------------- ---------------------------------------- --------- ------- -------------------
FAS2552n FAS2552n.xxxxxx.de  6D00015BC54A82ECA7B2ECE64C0002nnnnnn   "xxxxxxxxxx Systemhaus Enterprise CA nn" server-ca -       FAS2552n.xxxxxx.de
FAS25521::>
Actually everything is correct - or not? What is wrong?
Any ideas?
Thanks a lot
Best regards
Michael