ONTAP 9.14.1 commands

security certificate config modify

Modify the certificate management configurations

Availability: This command is available to cluster administrators at the advanced privilege level.


This command modifies the certificate management configuration information for the cluster.


[-min-security-strength <bits of security strength>] - Minimum Security Strength

Use this parameter to modify the allowed minimum security strength for certificates. The security bits mapping to RSA and ECDSA key length are as follows:

            Security Bits   Asymmetric Key Length   Elliptic Curve Key Length
            112	            2048	                224
            128	            3072	                256
            192	            4096	                384
FIPS supported values are restricted to 112 and 128.

NOTE: This does not affect root CA certificates.


[-expiration-warn-threshold <integer>] - Minimum Days to EMS for Expiring Certificates

Use this parameter to modify the number of days prior to certificate expiration the system sends a warning EMS event.


The following example modifies the minimum security strength allowed for certificates.

cluster-1::> security certificate config modify -min-security-strength 192
Top of Page