We are providing a new check to validate the certificates expiration from the SVM in the NetApp cluster. This check will send you a warning if one (or many) of the server-certificates are going to expire within a given number of days.

$ scripts/certificate -H filer -w 30 -c 10
CERTIFICATE OK - 3 server certificates found.
vserv_a - vserv_a_15C538857A9BF1EC: 229d (OK)
vserv_b - vserv_b_15C5388782DAC910: 229d (OK)
sim96cluster - sim96cluster_15C531AC49B9C240: 229d (OK)

Please mind the missing file-extension for the certificate command above. This check is a precompiled binary with zero dependencies.

The certificate check requires the new RESTfull getter get_netapp to be run in advance with the certificate object set. This way the certificate-information is retrieved and stored locally. The REST-full getter works only for ONATP 9.6 or later!

Bottom line: The present implementation with a getter for ONTAP 9.6 or later and no getter for older ONTAP releases for the certificate object, limits the use of the certificate check to ONTAP 9.6 (or later).

Following a complete example on how to check certificate expiration:

$ scripts/get_netapp -H filer -o certificate 
Data for object 'certificate' collected within 0.263231s. Number of instances stored: 104
| 'total_duration'=0.263231415s;45;55;0;

$ scripts/certificate -H filer -w 30 -c 10
CERTIFICATE OK - 3 server certificates found.
vserv_a - vserv_a_15C538857A9BF1EC: 229d (OK)
vserv_b - vserv_b_15C5388782DAC910: 229d (OK)
sim96cluster - sim96cluster_15C531AC49B9C240: 229d (OK)

The Certificate check is part of the 5.1.0 version whose release is scheduled for February the 1st 2020. Please consider reading the release history as well.