ONTAP 9.12.1 commands
←PDF
application commands
application provisioning commands
autobalance commands
cluster commands
cluster add-node-status-clear-failed
cluster agent commands
cluster agent connection create
cluster agent connection delete
cluster controller-replacement commands
cluster controller-replacement network displaced-interface delete
cluster controller-replacement network displaced-interface restore-home-node
cluster controller-replacement network displaced-interface show
cluster controller-replacement network displaced-vlans delete
cluster controller-replacement network displaced-vlans restore
cluster date commands
cluster image commands
cluster image show-update-history
cluster image show-update-log-detail
cluster kernel-service commands
cluster log-forwarding commands
cluster peer commands
cluster quorum-service commands
cluster ring commands
cluster statistics commands
cluster time-service commands
cluster time-service ntp key create
cluster time-service ntp key delete
cluster time-service ntp key modify
cluster time-service ntp key show
cluster time-service ntp security modify
cluster time-service ntp security show
cluster time-service ntp server create
cluster time-service ntp server delete
cluster time-service ntp server modify
cluster time-service ntp server reset
event commands
event catalog commands
event config commands
event filter commands
event log commands
event notification commands
event notification destination create
event notification destination delete
event notification destination modify
event notification destination prepare-for-revert
event status commands
job commands
job history commands
job initstate commands
job private commands
lun commands
lun copy commands
lun igroup commands
lun import commands
lun move commands
lun persistent-reservation commands
lun portset commands
lun transition commands
metrocluster commands
metrocluster check commands
metrocluster check disable-periodic-check
metrocluster check enable-periodic-check
metrocluster check aggregate show
metrocluster check cluster show
metrocluster check config-replication show-aggregate-eligibility
metrocluster check config-replication show-capture-status
metrocluster check config-replication show
metrocluster check connection show
metrocluster config-replication commands
metrocluster config-replication cluster-storage-configuration modify
metrocluster config-replication cluster-storage-configuration show
metrocluster configuration-settings commands
metrocluster configuration-settings show-status
metrocluster configuration-settings calibration measure
metrocluster configuration-settings calibration show
metrocluster configuration-settings connection check
metrocluster configuration-settings connection connect
metrocluster configuration-settings connection disconnect
metrocluster configuration-settings connection show
metrocluster configuration-settings dr-group create
metrocluster configuration-settings dr-group delete
metrocluster configuration-settings dr-group show
metrocluster configuration-settings interface create
metrocluster configuration-settings interface delete
metrocluster configuration-settings interface show
metrocluster configuration-settings mediator add
metrocluster interconnect commands
metrocluster interconnect adapter modify
metrocluster interconnect adapter show
metrocluster node commands
network commands
network arp commands
network bgp commands
network connections commands
network connections active show-clients
network connections active show-lifs
network connections active show-protocols
network connections active show-services
network device-discovery commands
network fcp commands
network interface commands
network interface start-cluster-check
network interface capacity show
network interface capacity details show
network interface check cluster-connectivity show
network interface check cluster-connectivity start
network interface check failover show
network interface dns-lb-stats show
network interface failover-groups add-targets
network interface failover-groups create
network interface failover-groups delete
network interface failover-groups modify
network interface failover-groups remove-targets
network interface failover-groups rename
network interface failover-groups show
network interface lif-weights show
network interface service show
network interface service-policy add-service
network interface service-policy clone
network interface service-policy create
network interface service-policy delete
network interface service-policy modify-service
network interface service-policy remove-service
network interface service-policy rename
network ipspace commands
network ndp commands
network ndp default-router delete-all
network ndp default-router show
network ndp neighbor active-entry delete
network options commands
network options cluster-health-notifications modify
network options cluster-health-notifications show
network options detect-switchless-cluster modify
network options detect-switchless-cluster show
network options load-balancing modify
network options load-balancing show
network options multipath-routing modify
network options multipath-routing show
network options port-health-monitor disable-monitors
network options port-health-monitor enable-monitors
network options port-health-monitor modify
network options port-health-monitor show
network options send-soa modify
network port commands
network port show-address-filter-info
network port broadcast-domain add-ports
network port broadcast-domain create
network port broadcast-domain delete
network port broadcast-domain merge
network port broadcast-domain modify
network port broadcast-domain move
network port broadcast-domain remove-ports
network port broadcast-domain rename
network port broadcast-domain show
network port broadcast-domain split
network port ifgrp remove-port
network port reachability repair
network port reachability scan
network route commands
network subnet commands
network test-link commands
pod commands
pod status commands
protection-type commands
qos commands
qos adaptive-policy-group commands
qos adaptive-policy-group create
qos adaptive-policy-group delete
qos adaptive-policy-group modify
qos policy-group commands
qos settings commands
qos statistics commands
qos statistics characteristics show
qos statistics performance show
qos statistics resource cpu show
qos statistics resource disk show
qos statistics volume characteristics show
qos statistics volume latency show
qos statistics volume performance show
qos statistics volume resource cpu show
qos statistics volume resource disk show
qos statistics workload characteristics show
qos statistics workload latency show
qos statistics workload performance show
san commands
security commands
security anti-ransomware commands
security anti-ransomware volume disable
security anti-ransomware volume dry-run
security anti-ransomware volume enable
security anti-ransomware volume pause
security anti-ransomware volume resume
security anti-ransomware volume show
security anti-ransomware volume attack clear-suspect
security anti-ransomware volume attack generate-report
security anti-ransomware volume attack-detection-parameters modify
security anti-ransomware volume attack-detection-parameters show
security anti-ransomware volume space show
security anti-ransomware volume workload-behavior clear-surge
security anti-ransomware volume workload-behavior show
security anti-ransomware volume workload-behavior update-baseline-from-surge
security certificate commands
security certificate generate-csr
security certificate show-generated
security certificate show-truststore
security certificate show-user-installed
security certificate ca-issued revoke
security certificate ca-issued show
security certificate config modify
security certificate config show
security certificate truststore check
security config commands
security cryptomod-fips commands
security ipsec commands
security ipsec ca-certificate add
security ipsec ca-certificate remove
security key-manager commands
security key-manager create-key
security key-manager delete-key-database
security key-manager delete-kmip-config
security key-manager prepare-to-downgrade
security key-manager show-key-store
security key-manager update-passphrase
security key-manager backup show
security key-manager config modify
security key-manager config show
security key-manager external add-servers
security key-manager external disable
security key-manager external enable
security key-manager external modify-server
security key-manager external modify
security key-manager external remove-servers
security key-manager external restore
security key-manager external show-status
security key-manager external show
security key-manager external aws check
security key-manager external aws disable
security key-manager external aws enable
security key-manager external aws rekey-external
security key-manager external aws rekey-internal
security key-manager external aws restore
security key-manager external aws show
security key-manager external aws update-credentials
security key-manager external azure check
security key-manager external azure disable
security key-manager external azure enable
security key-manager external azure rekey-external
security key-manager external azure rekey-internal
security key-manager external azure restore
security key-manager external azure show
security key-manager external azure update-client-secret
security key-manager external azure update-credentials
security key-manager external gcp check
security key-manager external gcp disable
security key-manager external gcp enable
security key-manager external gcp rekey-external
security key-manager external gcp rekey-internal
security key-manager external gcp restore
security key-manager external gcp show
security key-manager external gcp update-credentials
security key-manager key create
security key-manager key delete
security key-manager key migrate
security key-manager key query
security key-manager key key-table create
security key-manager key key-table delete
security key-manager key key-table modify
security key-manager key key-table show
security key-manager onboard disable
security key-manager onboard enable
security key-manager onboard show-backup
security key-manager onboard sync
security key-manager onboard update-passphrase
security login commands
security login expire-password
security login password-prepare-to-downgrade
security login domain-tunnel create
security login domain-tunnel delete
security login domain-tunnel modify
security login domain-tunnel show
security login publickey create
security login publickey delete
security login publickey load-from-uri
security login publickey modify
security login rest-role create
security login rest-role delete
security login rest-role modify
security login rest-role expanded-rest-roles modify
security login rest-role expanded-rest-roles show
security login role prepare-to-downgrade
security login role show-ontapi
security login role config modify
security multi-admin-verify commands
security multi-admin-verify modify
security multi-admin-verify show
security multi-admin-verify approval-group create
security multi-admin-verify approval-group delete
security multi-admin-verify approval-group modify
security multi-admin-verify approval-group replace
security multi-admin-verify approval-group show
security multi-admin-verify request approve
security multi-admin-verify request create
security multi-admin-verify request delete
security multi-admin-verify request show-pending
security multi-admin-verify request show
security multi-admin-verify request veto
security multi-admin-verify rule create
security multi-admin-verify rule delete
security protocol commands
security saml-sp commands
security session commands
security session limit application create
security session limit application delete
security session limit application modify
security session limit application show
security session limit location create
security session limit location delete
security session limit location modify
security session limit location show
security session limit request create
security session limit request delete
security session limit request modify
security session limit request show
security session limit user create
security session limit user delete
security session limit user modify
security session limit user show
security session limit vserver create
security session limit vserver delete
security session limit vserver modify
security session limit vserver show
security session request-statistics show-by-application
security session request-statistics show-by-location
security session request-statistics show-by-request
security ssh commands
security tpm commands
snaplock commands
snaplock compliance-clock commands
snaplock compliance-clock initialize
snaplock compliance-clock show
snaplock event-retention commands
snaplock event-retention abort
snaplock event-retention apply
snaplock event-retention show-vservers
snaplock event-retention policy create
snaplock event-retention policy delete
snapmirror commands
snapmirror config-replication commands
snapmirror config-replication cluster-storage-configuration modify
snapmirror config-replication cluster-storage-configuration show
snapmirror config-replication status show-aggregate-eligibility
snapmirror mediator commands
snapmirror mediator primary-bias show
snapmirror object-store commands
snapmirror object-store config create
snapmirror object-store config delete
snapmirror object-store config modify
snapmirror object-store config show
snapmirror object-store profiler abort
snapmirror policy commands
snapmirror snapshot-owner commands
snapmirror snapshot-owner create
statistics commands
statistics aggregate commands
statistics cache commands
statistics disk commands
statistics lif commands
statistics lun commands
statistics namespace commands
statistics nfs commands
statistics node commands
statistics oncrpc commands
statistics port commands
statistics preset commands
statistics qtree commands
statistics system commands
statistics volume commands
statistics vserver commands
statistics workload commands
statistics-v1 commands
statistics-v1 nfs commands
statistics-v1 protocol-request-size commands
storage-service commands
storage commands
storage aggregate commands
storage aggregate auto-provision
storage aggregate remove-stale-record
storage aggregate show-auto-provision-progress
storage aggregate show-cumulated-efficiency
storage aggregate show-efficiency
storage aggregate show-resync-status
storage aggregate show-scrub-status
storage aggregate show-spare-disks
storage aggregate efficiency show
storage aggregate efficiency stat
storage aggregate efficiency cross-volume-dedupe revert-to
storage aggregate efficiency cross-volume-dedupe show
storage aggregate efficiency cross-volume-dedupe start
storage aggregate efficiency cross-volume-dedupe stop
storage aggregate encryption show-key-id
storage aggregate inode-upgrade resume
storage aggregate inode-upgrade show
storage aggregate object-store attach
storage aggregate object-store mirror
storage aggregate object-store modify
storage aggregate object-store show-freeing-status
storage aggregate object-store show-resync-status
storage aggregate object-store show-space
storage aggregate object-store show
storage aggregate object-store unmirror
storage aggregate object-store config create
storage aggregate object-store config delete
storage aggregate object-store config modify
storage aggregate object-store config rename
storage aggregate object-store config show
storage aggregate object-store profiler abort
storage aggregate object-store profiler show
storage aggregate object-store profiler start
storage aggregate object-store put-rate-limit modify
storage aggregate object-store put-rate-limit show
storage aggregate plex offline
storage aggregate reallocation quiesce
storage aggregate reallocation restart
storage aggregate reallocation schedule
storage aggregate reallocation show
storage aggregate reallocation start
storage aggregate reallocation stop
storage aggregate relocation show
storage aggregate relocation start
storage aggregate resynchronization modify
storage aggregate resynchronization show
storage array commands
storage automated-working-set-analyzer commands
storage automated-working-set-analyzer show
storage automated-working-set-analyzer start
storage disk commands
storage disk refresh-ownership
storage disk remove-reservation
storage dqp commands
storage encryption commands
storage encryption disk destroy
storage encryption disk modify
storage encryption disk revert-to-original-state
storage encryption disk sanitize
storage errors commands
storage failover commands
storage failover show-giveback
storage failover show-takeover
storage failover hwassist show
storage failover hwassist test
storage failover hwassist stats clear
storage failover hwassist stats show
storage failover internal-options show
storage firmware commands
storage iscsi-initiator commands
storage iscsi-initiator add-target
storage iscsi-initiator connect
storage iscsi-initiator disconnect
storage path commands
storage pool commands
storage port commands
storage shelf commands
storage shelf drawer show-slot
storage shelf firmware show-update-status
storage shelf location-led modify
system commands
system bridge commands
system bridge config-dump collect
system bridge config-dump delete
system bridge config-dump show
system configuration commands
system configuration backup copy
system configuration backup create
system configuration backup delete
system configuration backup download
system configuration backup rename
system configuration backup show
system configuration backup upload
system configuration backup settings clear-password
system configuration backup settings modify
system configuration backup settings set-password
system configuration backup settings show
system configuration recovery cluster modify
system configuration recovery cluster recreate
system configuration recovery cluster rejoin
system configuration recovery cluster show
system controller commands
system controller bootmedia show-serial-number
system controller bootmedia show
system controller clus-flap-threshold show
system controller config show-errors
system controller config pci show-add-on-devices
system controller config pci show-hierarchy
system controller coredump-device show-serial-number
system controller coredump-device show
system controller environment show
system controller flash-cache show
system controller flash-cache secure-erase run
system controller flash-cache secure-erase show
system controller fru show-manufacturing-info
system controller fru led disable-all
system controller fru led enable-all
system controller fru led modify
system controller fru led show
system controller hardware-license show
system controller hardware-license update
system controller location-led modify
system controller location-led show
system controller memory dimm show
system controller nvram-bb-threshold show
system controller pcicerr threshold modify
system controller pcicerr threshold show
system controller platform-capability show
system controller replace cancel
system controller replace pause
system controller replace resume
system controller replace show-details
system controller replace show
system controller replace start
system controller service-event delete
system controller service-event show
system controller slot module insert
system controller slot module remove
system controller slot module replace
system controller slot module show
system fru-check commands
system ha commands
system ha interconnect config show
system ha interconnect link off
system ha interconnect link on
system ha interconnect ood clear-error-statistics
system ha interconnect ood clear-performance-statistics
system ha interconnect ood disable-optimization
system ha interconnect ood disable-statistics
system ha interconnect ood enable-optimization
system ha interconnect ood enable-statistics
system ha interconnect ood send-diagnostic-buffer
system ha interconnect ood status show
system ha interconnect port show
system ha interconnect statistics clear-port-symbol-error
system ha interconnect statistics clear-port
system ha interconnect statistics show-scatter-gather-list
system health commands
system health alert definition show
system health autosupport trigger history show
system health policy definition modify
system license commands
system license show-aggregates
system license show-serial-numbers
system license entitlement-risk show
system license license-manager check
system license license-manager modify
system limits commands
system node commands
system node autosupport invoke-core-upload
system node autosupport invoke-diagnostic
system node autosupport invoke-performance-archive
system node autosupport invoke-splog
system node autosupport invoke
system node autosupport modify
system node autosupport check show-details
system node autosupport check show
system node autosupport destinations show
system node autosupport history cancel
system node autosupport history retransmit
system node autosupport history show-upload-details
system node autosupport history show
system node autosupport manifest show
system node autosupport trigger modify
system node autosupport trigger show
system node coredump delete-all
system node coredump config modify
system node coredump config show
system node coredump external-device save
system node coredump external-device show
system node coredump reports delete
system node coredump reports show
system node coredump reports upload
system node coredump segment delete-all
system node coredump segment delete
system node coredump segment show
system node environment sensors show
system node external-cache modify
system node external-cache show
system node hardware nvram-encryption modify
system node hardware nvram-encryption show
system node hardware tape drive show
system node hardware tape library show
system node hardware unified-connect modify
system node hardware unified-connect show
system node image abort-operation
system node image show-update-progress
system node image package delete
system node image package show
system node image package external-device delete
system node image package external-device show
system node internal-switch show
system node internal-switch dump stat
system node upgrade-revert show
system node upgrade-revert upgrade
system node virtual-machine show-network-load-balancer
system node virtual-machine disk-object-store create
system node virtual-machine disk-object-store delete
system node virtual-machine disk-object-store modify
system node virtual-machine disk-object-store show
system node virtual-machine hypervisor show
system script commands
system service-processor commands
system service-processor reboot-sp
system service-processor api-service check
system service-processor api-service disable-installed-certificates
system service-processor api-service enable-installed-certificates
system service-processor api-service modify
system service-processor api-service regenerate-ssh-auth-key
system service-processor api-service renew-internal-certificates
system service-processor api-service show
system service-processor image modify
system service-processor image show
system service-processor image update
system service-processor image update-progress show
system service-processor log show-allocations
system service-processor network modify
system service-processor network show
system service-processor network auto-configuration disable
system service-processor network auto-configuration enable
system service-processor network auto-configuration show
system service-processor ssh add-allowed-addresses
system services commands
system services firewall modify
system services firewall policy clone
system services firewall policy create
system services firewall policy delete
system services firewall policy modify
system services firewall policy show
system services manager install show
system services manager policy add
system services manager policy remove
system services manager policy setstate
system services manager policy show
system services manager status show
system services ndmp log start
system services ndmp node-scope-mode off
system services ndmp node-scope-mode on
system services ndmp node-scope-mode status
system services ndmp service modify
system services ndmp service show
system services ndmp service start
system services ndmp service stop
system smtape commands
system snmp commands
system status commands
system switch commands
system switch ethernet configure-health-monitor
system switch ethernet show-all
system switch ethernet fan show
system switch ethernet interface show
system switch ethernet log collect
system switch ethernet log disable-collection
system switch ethernet log enable-collection
system switch ethernet log modify
system switch ethernet log setup-password
system switch ethernet log show
system switch ethernet polling-interval modify
system switch ethernet polling-interval show
system switch ethernet power show
system switch ethernet switch-count show
system switch ethernet temperature show
system switch ethernet threshold show
system switch fibre-channel add
system switch fibre-channel modify
system switch fibre-channel refresh
template commands
volume commands
volume transition-prepare-to-downgrade
volume activity-tracking commands
volume analytics commands
volume analytics initialization pause
volume clone commands
volume clone sharing-by-split show
volume clone sharing-by-split undo show
volume clone sharing-by-split undo start-all
volume clone sharing-by-split undo start
volume efficiency commands
volume efficiency prepare-to-downgrade
volume efficiency inactive-data-compression modify
volume efficiency inactive-data-compression show
volume efficiency inactive-data-compression start
volume efficiency inactive-data-compression stop
volume efficiency inactive-data-reallocation modify
volume efficiency inactive-data-reallocation show
volume efficiency policy create
volume efficiency policy delete
volume encryption commands
volume encryption conversion pause
volume encryption conversion resume
volume encryption conversion show
volume encryption conversion start
volume encryption rekey resume
volume encryption secure-purge abort
volume file commands
volume file async-delete cancel
volume file async-delete prepare-for-revert
volume file async-delete start
volume file async-delete client disable
volume file async-delete client enable
volume file async-delete client show
volume file clone show-autodelete
volume file clone deletion add-extension
volume file clone deletion modify
volume file clone deletion remove-extension
volume file clone deletion show
volume file clone split load modify
volume flexcache commands
volume flexcache config-refresh
volume flexcache prepare-to-downgrade
volume flexcache sync-properties
volume flexcache origin show-caches
volume flexcache origin config modify
volume flexgroup commands
volume move commands
volume qtree commands
volume quota commands
volume quota policy rule create
volume quota policy rule delete
volume reallocation commands
volume rebalance commands
volume rebalance file-move abort
volume rebalance file-move modify
volume rebalance file-move show
volume rebalance file-move start
volume schedule-style commands
volume snaplock commands
volume snapshot commands
volume snapshot compute-reclaimable
volume snapshot modify-snaplock-expiry-time
volume snapshot partial-restore-file
volume snapshot prepare-for-revert
volume snapshot autodelete modify
volume snapshot autodelete show
volume snapshot policy add-schedule
volume snapshot policy modify-schedule
volume transition-convert-dir commands
vserver commands
vserver active-directory commands
vserver active-directory create
vserver active-directory delete
vserver active-directory modify
vserver active-directory password-change
vserver audit commands
vserver audit prepare-to-downgrade
vserver audit audit-log-redirect create
vserver audit audit-log-redirect delete
vserver check commands
vserver check lif-multitenancy run
vserver cifs commands
vserver cifs add-netbios-aliases
vserver cifs prepare-to-downgrade
vserver cifs remove-netbios-aliases
vserver cifs security-encryption-required-dc-connections-prepare-to-downgrade
vserver cifs branchcache create
vserver cifs branchcache delete
vserver cifs branchcache hash-create
vserver cifs branchcache hash-flush
vserver cifs branchcache modify
vserver cifs cache name-to-sid delete-all
vserver cifs cache name-to-sid delete
vserver cifs cache name-to-sid show
vserver cifs cache settings modify
vserver cifs cache settings show
vserver cifs cache sid-to-name delete-all
vserver cifs cache sid-to-name delete
vserver cifs cache sid-to-name show
vserver cifs character-mapping create
vserver cifs character-mapping delete
vserver cifs character-mapping modify
vserver cifs character-mapping show
vserver cifs domain discovered-servers reset-servers
vserver cifs domain discovered-servers show
vserver cifs domain discovered-servers discovery-mode modify
vserver cifs domain discovered-servers discovery-mode show
vserver cifs domain name-mapping-search add
vserver cifs domain name-mapping-search modify
vserver cifs domain name-mapping-search remove
vserver cifs domain name-mapping-search show
vserver cifs domain password change
vserver cifs domain password reset
vserver cifs domain password schedule modify
vserver cifs domain password schedule show
vserver cifs domain preferred-dc add
vserver cifs domain preferred-dc check
vserver cifs domain preferred-dc remove
vserver cifs domain preferred-dc show
vserver cifs domain trusts rediscover
vserver cifs domain trusts show
vserver cifs group-policy modify
vserver cifs group-policy show-applied
vserver cifs group-policy show-defined
vserver cifs group-policy show
vserver cifs group-policy update
vserver cifs group-policy central-access-policy show-applied
vserver cifs group-policy central-access-policy show-defined
vserver cifs group-policy central-access-rule show-applied
vserver cifs group-policy central-access-rule show-defined
vserver cifs group-policy restricted-group show-applied
vserver cifs group-policy restricted-group show-defined
vserver cifs home-directory modify
vserver cifs home-directory show-user
vserver cifs home-directory show
vserver cifs home-directory search-path add
vserver cifs home-directory search-path remove
vserver cifs home-directory search-path reorder
vserver cifs home-directory search-path show
vserver cifs session file close
vserver cifs session file show
vserver cifs share access-control create
vserver cifs share access-control delete
vserver cifs share access-control modify
vserver cifs share access-control show
vserver cifs share properties add
vserver cifs share properties remove
vserver cifs share properties show
vserver cifs users-and-groups remove-stale-records
vserver cifs users-and-groups update-names
vserver cifs users-and-groups local-group add-members
vserver cifs users-and-groups local-group create
vserver cifs users-and-groups local-group delete
vserver cifs users-and-groups local-group modify
vserver cifs users-and-groups local-group remove-members
vserver cifs users-and-groups local-group rename
vserver cifs users-and-groups local-group show-members
vserver cifs users-and-groups local-group show
vserver cifs users-and-groups local-user create
vserver cifs users-and-groups local-user delete
vserver cifs users-and-groups local-user modify
vserver cifs users-and-groups local-user rename
vserver cifs users-and-groups local-user set-password
vserver cifs users-and-groups local-user show-membership
vserver cifs users-and-groups local-user show
vserver cifs users-and-groups privilege add-privilege
vserver cifs users-and-groups privilege remove-privilege
vserver config-replication commands
vserver config-replication pause
vserver export-policy commands
vserver export-policy check-access
vserver export-policy access-cache flush
vserver export-policy access-cache show-rules
vserver export-policy access-cache show
vserver export-policy access-cache config modify-all-vservers
vserver export-policy access-cache config modify
vserver export-policy access-cache config show-all-vservers
vserver export-policy access-cache config show
vserver export-policy cache flush
vserver export-policy config-checker show
vserver export-policy config-checker start
vserver export-policy config-checker stop
vserver export-policy config-checker rule delete
vserver export-policy config-checker rule show
vserver export-policy netgroup check-membership
vserver export-policy netgroup cache show
vserver export-policy netgroup queue show
vserver export-policy rule add-clientmatches
vserver export-policy rule create
vserver export-policy rule delete
vserver export-policy rule modify
vserver export-policy rule remove-clientmatches
vserver fpolicy commands
vserver fpolicy engine-connect
vserver fpolicy engine-disconnect
vserver fpolicy show-passthrough-read-connection
vserver fpolicy policy event create
vserver fpolicy policy event delete
vserver fpolicy policy event modify
vserver fpolicy policy event show
vserver fpolicy policy external-engine create
vserver fpolicy policy external-engine delete
vserver fpolicy policy external-engine modify
vserver fpolicy policy external-engine show
vserver fpolicy policy scope create
vserver fpolicy policy scope delete
vserver http-proxy commands
vserver iscsi commands
vserver iscsi connection shutdown
vserver iscsi interface disable
vserver iscsi interface enable
vserver iscsi interface modify
vserver iscsi interface accesslist add
vserver iscsi interface accesslist remove
vserver iscsi interface accesslist show
vserver iscsi security add-initator-address-ranges
vserver iscsi security default
vserver iscsi security prepare-to-downgrade
vserver iscsi security remove-initator-address-ranges
vserver locks commands
vserver name-mapping commands
vserver nfs commands
vserver nfs prepare-for-v3-ms-dos-client-downgrade
vserver nfs prepare-to-downgrade
vserver nfs connected-clients show
vserver nfs kerberos interface disable
vserver nfs kerberos interface enable
vserver nfs kerberos interface modify
vserver nfs kerberos interface show
vserver nfs kerberos realm create
vserver nfs kerberos realm delete
vserver nfs kerberos realm modify
vserver nfs kerberos realm show
vserver nfs pnfs devices create
vserver nfs pnfs devices delete
vserver nvme commands
vserver nvme show-discovery-controller
vserver nvme namespace convert-from-lun
vserver nvme subsystem controller show
vserver nvme subsystem host add
vserver nvme subsystem host remove
vserver nvme subsystem host show
vserver nvme subsystem map add
vserver object-store-server commands
vserver object-store-server create
vserver object-store-server delete
vserver object-store-server modify
vserver object-store-server show
vserver object-store-server audit create
vserver object-store-server audit delete
vserver object-store-server audit disable
vserver object-store-server audit enable
vserver object-store-server audit modify
vserver object-store-server audit rotate-log
vserver object-store-server audit show
vserver object-store-server audit event-selector create
vserver object-store-server audit event-selector delete
vserver object-store-server audit event-selector modify
vserver object-store-server audit event-selector show
vserver object-store-server bucket create
vserver object-store-server bucket delete
vserver object-store-server bucket evict-remote-cached-objects
vserver object-store-server bucket modify
vserver object-store-server bucket show-nas-bucket
vserver object-store-server bucket show
vserver object-store-server bucket policy-statement-condition create
vserver object-store-server bucket policy-statement-condition delete
vserver object-store-server bucket policy-statement-condition modify
vserver object-store-server bucket policy-statement-condition show
vserver object-store-server bucket policy statement create
vserver object-store-server bucket policy statement delete
vserver object-store-server bucket policy statement modify
vserver object-store-server bucket policy statement show
vserver object-store-server group create
vserver object-store-server group delete
vserver object-store-server group modify
vserver object-store-server group show
vserver object-store-server policy create
vserver object-store-server policy delete
vserver object-store-server policy modify
vserver object-store-server policy show
vserver object-store-server policy statement create
vserver object-store-server policy statement delete
vserver object-store-server policy statement modify
vserver object-store-server policy statement show
vserver object-store-server user create
vserver object-store-server user delete
vserver object-store-server user modify
vserver peer commands
vserver peer modify-local-name
vserver peer permission create
vserver peer permission delete
vserver peer permission modify
vserver peer transition create
vserver peer transition delete
vserver san commands
vserver security commands
vserver security file-directory apply
vserver security file-directory remove-slag
vserver security file-directory show-effective-permissions
vserver security file-directory show
vserver security file-directory job show
vserver security file-directory ntfs create
vserver security file-directory ntfs delete
vserver security file-directory ntfs modify
vserver security file-directory ntfs show
vserver security file-directory ntfs dacl add
vserver security file-directory ntfs dacl modify
vserver security file-directory ntfs dacl remove
vserver security file-directory ntfs dacl show
vserver security file-directory ntfs sacl add
vserver security file-directory ntfs sacl modify
vserver security file-directory ntfs sacl remove
vserver security file-directory ntfs sacl show
vserver security file-directory policy create
vserver security file-directory policy delete
vserver security file-directory policy show
vserver security file-directory policy task add
vserver security file-directory policy task modify
vserver security file-directory policy task remove
vserver security file-directory policy task show
vserver security trace filter create
vserver security trace filter delete
vserver security trace filter modify
vserver security trace filter show
vserver services commands
vserver services access-check authentication get-claim-name
vserver services access-check authentication get-dc-info
vserver services access-check authentication login-cifs
vserver services access-check authentication ontap-admin-ldap-fastbind
vserver services access-check authentication ontap-admin-login-cifs
vserver services access-check authentication show-creds
vserver services access-check authentication show-ontap-admin-unix-creds
vserver services access-check authentication sid-to-uid
vserver services access-check authentication sid-to-unix-name
vserver services access-check authentication translate
vserver services access-check authentication uid-to-sid
vserver services access-check dns forward-lookup
vserver services access-check dns srv-lookup
vserver services access-check name-mapping show
vserver services access-check server-discovery reset
vserver services access-check server-discovery show-host
vserver services access-check server-discovery show-site
vserver services access-check server-discovery test
vserver services name-service cache group-membership delete-all
vserver services name-service cache group-membership delete
vserver services name-service cache group-membership show
vserver services name-service cache group-membership settings modify
vserver services name-service cache group-membership settings show
vserver services name-service cache hosts forward-lookup delete-all
vserver services name-service cache hosts forward-lookup delete
vserver services name-service cache hosts forward-lookup show
vserver services name-service cache hosts reverse-lookup delete-all
vserver services name-service cache hosts reverse-lookup delete
vserver services name-service cache hosts reverse-lookup show
vserver services name-service cache hosts settings modify
vserver services name-service cache hosts settings show
vserver services name-service cache netgroups ip-to-netgroup delete-all
vserver services name-service cache netgroups ip-to-netgroup delete
vserver services name-service cache netgroups ip-to-netgroup show
vserver services name-service cache netgroups members delete-all
vserver services name-service cache netgroups members delete
vserver services name-service cache netgroups members show
vserver services name-service cache netgroups settings modify
vserver services name-service cache netgroups settings show
vserver services name-service cache settings modify
vserver services name-service cache settings show
vserver services name-service cache unix-group group-by-gid delete-all
vserver services name-service cache unix-group group-by-gid delete
vserver services name-service cache unix-group group-by-gid show
vserver services name-service cache unix-group group-by-name delete-all
vserver services name-service cache unix-group group-by-name delete
vserver services name-service cache unix-group group-by-name show
vserver services name-service cache unix-group settings modify
vserver services name-service cache unix-group settings show
vserver services name-service cache unix-user settings modify
vserver services name-service cache unix-user settings show
vserver services name-service cache unix-user user-by-id delete-all
vserver services name-service cache unix-user user-by-id delete
vserver services name-service cache unix-user user-by-id show
vserver services name-service cache unix-user user-by-name delete-all
vserver services name-service cache unix-user user-by-name delete
vserver services name-service cache unix-user user-by-name show
vserver services name-service dns check
vserver services name-service dns create
vserver services name-service dns delete
vserver services name-service dns modify
vserver services name-service dns show
vserver services name-service dns dynamic-update modify
vserver services name-service dns dynamic-update prepare-to-downgrade
vserver services name-service dns dynamic-update show
vserver services name-service dns dynamic-update record add
vserver services name-service dns dynamic-update record delete
vserver services name-service dns hosts create
vserver services name-service dns hosts delete
vserver services name-service dns hosts modify
vserver services name-service dns hosts show
vserver services name-service getxxbyyy getaddrinfo
vserver services name-service getxxbyyy getgrbygid
vserver services name-service getxxbyyy getgrbyname
vserver services name-service getxxbyyy getgrlist
vserver services name-service getxxbyyy gethostbyaddr
vserver services name-service getxxbyyy gethostbyname
vserver services name-service getxxbyyy getnameinfo
vserver services name-service getxxbyyy getpwbyname
vserver services name-service getxxbyyy getpwbyuid
vserver services name-service getxxbyyy netgrpcheck
vserver services name-service ldap check
vserver services name-service ldap create
vserver services name-service ldap delete
vserver services name-service ldap modify
vserver services name-service ldap show
vserver services name-service ldap client create
vserver services name-service ldap client delete
vserver services name-service ldap client modify-bind-password
vserver services name-service ldap client modify
vserver services name-service ldap client show
vserver services name-service ldap client schema copy
vserver services name-service ldap client schema delete
vserver services name-service ldap client schema modify
vserver services name-service ldap client schema show
vserver services name-service netgroup load
vserver services name-service netgroup status
vserver services name-service netgroup file delete
vserver services name-service netgroup file show
vserver services name-service nis-domain create
vserver services name-service nis-domain delete
vserver services name-service nis-domain modify
vserver services name-service nis-domain show-bound
vserver services name-service nis-domain show
vserver services name-service nis-domain group-database build
vserver services name-service nis-domain group-database status
vserver services name-service nis-domain netgroup-database build
vserver services name-service nis-domain netgroup-database show-status
vserver services name-service nis-domain netgroup-database config modify
vserver services name-service nis-domain netgroup-database config show
vserver services name-service ns-switch create
vserver services name-service ns-switch delete
vserver services name-service ns-switch modify
vserver services name-service ns-switch show
vserver services name-service unix-group adduser
vserver services name-service unix-group create
vserver services name-service unix-group delete
vserver services name-service unix-group deluser
vserver services name-service unix-group load-from-uri
vserver services name-service unix-group modify
vserver services name-service unix-group show
vserver services name-service unix-group file show
vserver services name-service unix-group file status
vserver services name-service unix-group max-limit modify
vserver services name-service unix-group max-limit show
vserver services name-service unix-user create
vserver services name-service unix-user delete
vserver services name-service unix-user load-from-uri
vserver services name-service unix-user modify
vserver services name-service unix-user show
vserver services name-service unix-user file show
vserver services name-service unix-user file status
vserver services name-service unix-user max-limit modify
vserver services name-service unix-user max-limit show
vserver services name-service ypbind start
vserver services name-service ypbind status
vserver services name-service ypbind stop
vserver services ndmp generate-password
vserver services ndmp kill-all
vserver services ndmp extensions modify
vserver services ndmp extensions show
vserver services ndmp log start
vserver services ndmp log stop
vserver services ndmp restartable-backup delete
vserver services ndmp restartable-backup show
vserver services web access create
vserver smtape commands
vserver vscan commands
vserver vscan connection-status show-all
vserver vscan connection-status show-connected
vserver vscan connection-status show-not-connected
vserver vscan connection-status show
vserver vscan on-access-policy create
vserver vscan on-access-policy delete
vserver vscan on-access-policy disable
vserver vscan on-access-policy enable
vserver vscan on-access-policy modify
vserver vscan on-access-policy show
vserver vscan on-access-policy file-ext-to-exclude add
vserver vscan on-access-policy file-ext-to-exclude remove
vserver vscan on-access-policy file-ext-to-exclude show
vserver vscan on-access-policy file-ext-to-include add
vserver vscan on-access-policy file-ext-to-include remove
vserver vscan on-access-policy file-ext-to-include show
vserver vscan on-access-policy paths-to-exclude add
vserver vscan on-access-policy paths-to-exclude remove
vserver vscan on-access-policy paths-to-exclude show
vserver vscan on-demand-task create
vserver vscan on-demand-task delete
vserver vscan on-demand-task modify
vserver vscan on-demand-task run
vserver vscan on-demand-task schedule
vserver vscan on-demand-task show
vserver vscan on-demand-task unschedule
vserver vscan on-demand-task report delete
vserver vscan on-demand-task report show
vserver vscan scanner-pool apply-policy
vserver vscan scanner-pool create
vserver vscan scanner-pool delete
vserver vscan scanner-pool modify
vserver vscan scanner-pool resolve-hostnames
vserver vscan scanner-pool show-active
vserver vscan scanner-pool show
vserver vscan scanner-pool privileged-users add
vserver vscan scanner-pool privileged-users remove
vserver vscan scanner-pool privileged-users show
vserver vscan scanner-pool servers add
security certificate install
Install a Digital Certificate
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The security certificate install command installs digital security certificates signed by a certificate authority (CA) and the public key certificate of the root CA. Digital security certificates also include the intermediate certificates to construct the chain for server certificates (the server type), client-side root CA certificates (the client-ca type), or server-side root CA certificates (the server-ca type). with FIPS enabled, the following restrictions apply to the certificate getting installed. server/client/server-ca/client-ca: Key size >= 2048,server/client: Hash function (No MD-5, No SHA-1),server-ca/client-ca: (Intermediate CA), Hash Function (No MD-5, No SHA-1), server-ca/client-ca: (Root CA), Hash Function (No MD-5)
Parameters
-vserver <Vserver Name>- Name of Vserver-
This specifies the Vserver that contains the certificate.
-type <type of certificate>- Type of Certificate-
This specifies the certificate type. Valid values are the following:
-
server- includes server certificates and intermediate certificates. -
client-ca- includes the public key certificate for the root CA of the SSL client -
server-ca- includes the public key certificate for the root CA of the SSL server to which Data ONTAP is a client -
client- includes a self-signed or CA-signed digital certificate and private key to be used for Data ONTAP as an SSL client
-
[-subtype <kmip-cert>]- (DEPRECATED)-Certificate Subtype-
This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of Data ONTAP. This specifies a certificate subtype. This optional parameter can have an empty value (the default). The only valid value is as follows:
-
kmip-cert- this is a Key Management Interoperability Protocol (KMIP) certificate
-
[-cert-name <text>]- Unique Certificate Name-
This specifies the system’s internal identifier for the certificate. It must be unique within a Vserver. If not provided, it is automatically generated by the system.
Examples
This example installs a CA-signed certificate (along with intermediate certificates) for a Vserver named vs0.
cluster1::> security certificate install -vserver vs0 -type server
Please enter Certificate: Press <Enter> when done
-----BEGIN CERTIFICATE-----
MIIB8TCCAZugAwIBAwIBADANBgkqhkiG9w0BAQQFADBfMRMwEQYDVQQDEwpuZXRh
cHAuY29tMQswCQYDVQQGEwJVUzEJMAcGA1UECBMAMQkwBwYDVQQHEwAxCTAHBgNV
BAoTADEJMAcGA1UECxMAMQ8wDQYJKoZIhvcNAQkBFgAwHhcNMTAwNDI2MTk0OTI4
WhcNMTAwNTI2MTk0OTI4WjBfMRMwEQYDVQQDEwpuZXRhcHAuY29tMQswCQYDVQQG
EwJVUzEJMAcGA1UECBMAMQkwBwYDVQQHEwAxCTAHBgNVBAoTADEJMAcGA1UECxMA
MQ8wDQYJKoZIhvcNAQkBFgAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyXrK2sry
-----END CERTIFICATE-----
Please enter Private Key: Press <Enter> when done
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAMl6ytrK8nQj82UsWeHOeT8gk0BPX+Y5MLycsUdXA7hXhumHNpvF
C61X2G32Sx8VEa1th94tx+vOEzq+UaqHlt0CAwEAAQJBAMZjDWlgmlm3qIr/n8VT
PFnnZnbVcXVM7OtbUsgPKw+QCCh9dF1jmuQKeDr+wUMWknlDeGrfhILpzfJGHrLJ
z7UCIQDr8d3gOG71UyX+BbFmo/N0uAKjS2cvUU+Y8a8pDxGLLwIhANqa99SuSl8U
DiPvdaKTj6+EcGuXfCXz+G0rfgTZK8uzAiEAr1mnrfYC8KwE9k7A0ylRzBLdUwK9
AvuJDn+/z+H1Bd0CIQDD93P/xpaJETNz53Au49VE5Jba/Jugckrbosd/lSd7nQIg
aEMAzt6qHHT4mndi8Bo8sDGedG2SKx6Qbn2IpuNZ7rc=
-----END RSA PRIVATE KEY-----
Do you want to continue entering root and/or intermediate certificates {y|n}: y
Please enter Intermediate Certificate: Press <Enter> when done
-----BEGIN CERTIFICATE-----
MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh
bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g
QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe
BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX
DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE
YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0
-----END CERTIFICATE-----
Do you want to continue entering root and/or intermediate certificates {y|n}: y
Please enter Intermediate Certificate: Press <Enter> when done
-----BEGIN CERTIFICATE-----
MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
-----END CERTIFICATE-----
Do you want to continue entering root and/or intermediate certificates {y|n}: n
You should keep a copy of the private key and the CA-signed digital certificate
for future reference.
This example installs a CA certificate for client authentication for a Vserver named vs0.
cluster1::> security certificate install -vserver vs0 -type client-ca Please enter Certificate: Press <Enter> when done -----BEGIN CERTIFICATE----- MIIDNjCCAp+gAwIBAgIQNhIilsXjOKUgodJfTNcJVDANBgkqhkiG9w0BAQUFADCB zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl cnZlckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIxMDEwMTIzNTk1OVow gc4xCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT -----END CERTIFICATE----- You should keep a copy of the CA-signed digital certificate for future reference.
This example installs a CA certificate for server authentication for a Vserver named vs0. In this case, Data ONTAP acts as an SSL client.
cluster1::> security certificate install -vserver vs0 -type server-ca Please enter Certificate: Press <Enter> when done -----BEGIN CERTIFICATE----- MIIDNjCCAp+gAwIBAgIQNhIilsXjOKUgodJfTNcJVDANBgkqhkiG9w0BAQUFADCB zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl cnZlckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIxMDEwMTIzNTk1OVow gc4xCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT -----END CERTIFICATE----- You should keep a copy of the CA-signed digital certificate for future reference.
