ONTAP 9.15.1 commands

vserver nfs tls interface modify

Modify the TLS configuration of an NFS server

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver nfs tls interface modify command modifies a TLS configuration for NFS. An NFS TLS configuration is associated with both a Vserver and a logical interface.

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the Vserver associated with the NFS TLS configuration you want to modify.

-lif <text> - Logical Interface

This parameter specifies the name of the logical interface associated with the NFS TLS configuration you want to modify.

[-status {enabled|disabled}] - TLS Status

This optional parameter specifies whether to enable or disable TLS for NFS on the specified Vserver and logical interface. If you specify a value of enable , you must also specify the -certificate-name parameter.

[-certificate-name <text>] - TLS Certificate Name

This optional parameter specifies the name of a certificate to be associated with the instance of a given Vserver and logical interface. If you specify a value of enable for the -status parameter, you must also specify this parameter.

The use of self-signed SSL certificates exposes users to man-in-the-middle security attacks. Where possible, obtain a certificate that is signed by a reputable certificate authority (CA) and use the security certificate install command to configure it before enabling TLS on a Vserver and LIF.

Examples

The following example enables the NFS TLS configuration on a Vserver named vs0 and a logical interface named datalif1. The certificate-name is datalif1.example.com

clus1::> vserver nfs tls interface modify -vserver vs0 -lif datalif1 -status enabled -certificate-name datalif1.example.com
Top of Page