ONTAP 9.15.1 commands

security certificate azure-install

Install a Digital Certificate from Azure Key Vault

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The security certificate azure-install command downloads and installs digital security certificates signed by a certificate authority (CA) and the public key certificate of the root CA stored on Azure Key Vault (AKV). With FIPS enabled, the following restrictions apply to the certificate getting installed. server/client/server-ca/client-ca: Key size >= 2048,server/client: Hash function (No MD-5, No SHA-1),server-ca/client-ca: (Intermediate CA), Hash Function (No MD-5, No SHA-1), server-ca/client-ca: (Root CA), Hash Function (No MD-5)

Parameters

-vserver <Vserver Name> - Name of Vserver

This specifies the Vserver that contains the certificate.

-cert-name <text> - Certificate Name

This specifies the system’s internal identifier for the certificate. It must be unique within a Vserver. If not provided, it is automatically generated by the system.

-type <type of certificate> - Type of Certificate

This specifies the certificate type. Valid values are the following:

  • server - includes server certificates and intermediate certificates.

  • client-ca - includes the public key certificate for the root CA of the SSL client

  • server-ca - includes the public key certificate for the root CA of the SSL server to which Data ONTAP is a client

  • client - includes a self-signed or CA-signed digital certificate and private key to be used for Data ONTAP as an SSL client

-key-vault-uri {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…​} - Deployed Azure Key Vault DNS Name

The DNS name of the deployed AKV.

-client-id <text> - Application (Client) ID of Deployed Azure Application

The ID of the client.

-tenant-id <text> - Directory (Tenant) ID of Deployed Azure Application

The ID of the tenant.

-authentication-method <AKV Authentication Method> - AKV Authentication Method

Use this parameter to specify the authentication method.

[-oauth-host <text>] - Open Authorization Host Name

The hostname of the OAuth server.

[-proxy-type {http|https}] - Proxy Type

Proxy Type.

[-proxy-host <text>] - Proxy Host

Proxy hostname.

[-proxy-port <integer>] - Proxy Port

Proxy port.

[-proxy-username <text>] - Proxy Username

Proxy username.

[-proxy-password <text>] - Proxy Password

Proxy password.

[-timeout <integer>] - AKV Connection Timeout in Seconds

AKV Connection Timeout in Seconds.

[-verify-host {true|false}] - Verify the identity of the AKV host

Set to true to verify the identity of the AKV host name.

Examples

This example installs a CA-signed certificate (along with intermediate certificates) for a Vserver named vs0.

cluster-1::> security certificate azure-install -vserver vs0 -type client -client-id client1 -tenant-id tenant1 -key-vault-uri https://samplevault.vault.azure.net -cert-name certname

Enter the {0} for Azure Key Vault:
Top of Page