ONTAP自动生成证书名称时的命名规则是什么?
适用场景
- ONTAP 9
- 通过命令行续订ONTAP自签名SSL证书
问题解答
cert-name 时,它将与 common-name 同名。但是,如果 已存在具有相同common-name 的证书,并且其有效期尚未到期,则 cert-name 将采用<common-name>_<serial> 的形式。ontap912::> security certificate create -common-name test -type server -vserver ontap912
The certificate's generated name for reference: test
ontap912::*> security certificate create -common-name test -type server
The certificate's generated name for reference: test_1812D5EF5CFFB4C1
ontap912::> security certificate show -common-name test
Vserver Serial Number Certificate Name Type
---------- --------------- -------------------------------------- ------------
ontap912 1812D587C662AC6F
test server
Certificate Authority: test
Expiration Date: Sat Dec 20 17:33:05 2025
ontap912 1812D5EF5CFFB4C1
test_1812D5EF5CFFB4C1 server
Certificate Authority: test
Expiration Date: Sat Dec 20 17:40:30 2025
2 entries were displayed.
此外,如果common-name 与vserver 名称相同,则序列号将无条件附加到cert-name 。
ontap913::> security certificate show -fields vserver,common-name,serial,ca,type,expiration -type server -vserver test1
vserver common-name serial ca type subtype cert-name expiration
------- ----------- ---------------- ------- ------ ------- --------- ------------------------
test1 zhuolin 1830966EAE1B6E0C zhuolin server - zhuolin Fri Mar 27 15:54:17 2026
ontap913::> security certificate create -common-name test1 -type server -vserver test1
The certificate's generated name for reference: test1_182D857C8EAA53B4
ontap913::> security certificate show -fields vserver,common-name,serial,ca,type,expiration -type server -vserver test1
vserver common-name serial ca type subtype cert-name expiration
------- ----------- ---------------- ----- ------ ------- ---------------------- ------------------------
test1 test1 182D857C8EAA53B4 test1 server - test1_182D857C8EAA53B4 Tue Mar 17 16:10:00 2026
test1 zhuolin 1830966EAE1B6E0C zhuolin
server - zhuolin Fri Mar 27 15:54:17 2026
2 entries were displayed.