Ways to manage SSL for SecureAdmin

SSL uses a certificate to provide a secure connection between the storage system and a Web browser. Two types of certificates are used—self-signed certificate and certificate-authority-signed certificate.

• Self-signed certificate

  A certificate generated by Data ONTAP. Self-signed certificates can be used as is, but they are less secure than certificate-authority signed certificates, because the browser has no way of verifying the signer of the certificate. This means the system could be spoofed by an unauthorized server.

• Certificate-authority-signed certificate

  A certificate-authority-signed certificate is a self-signed certificate that is sent to a certificate authority to be signed. The advantage of a certificate-authority-signed certificate is that it verifies to the browser that the system is the system to which the client intended to connect.

• Setting up and starting SSL
  Setting up SSL enables Data ONTAP to generate a self-signed certificate.
• Installing a certificate-authority-signed certificate
  The advantage of a certificate-authority-signed certificate is that it verifies to the browser that the system is the system to which the client intended to connect.
• Testing certificates
  After installing either a self-signed certificate or a certificate-authority-signed certificate, you should test the certification to verify that it is installed correctly.
• Reinitializing SSL
  You should reinitialize SSL if you change the domain name of the storage system. When you change the domain name of your system, the domain name recorded in the certificate becomes obsolete. As a result, the storage system is not authenticated after the domain name change, although the connection is still encrypted. The next time you connect to the system, the browser issues a warning that the domain name of the system does not match the record on the certificate.
• Disabling or enabling SSL
  When you disable SSL, you disallow all administrative requests over HTTPS. Enabling SSL allows administrative requests over HTTPS to succeed.