Manageability Cautions; Certificates Signed With Md5 Could Cause Loss Of Connectivity To Secure Clients; If You Need To Boot The Storage System From A Data Ontap Image Stored On A Remote Server - IBM N Series Manual

Hide thumbs Also See for N Series:

Hardware manual (368 pages)

Implementation manual (105 pages)

Installation manual (62 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

Manageability cautions

If you are a storage system administrator, you should familiarize yourself

with these manageability issues.

For more information about these cautions, see the Data ONTAP 8.0 7-Mode

Systems Administration Guide.

v "Certificates signed with MD5 could cause loss of connectivity to secure

clients"

v "If you need to boot the storage system from a Data ONTAP image stored

on a remote server"

v "TLS is not supported in the Data ONTAP 8.0 release family" on page 74

v "RLM over IPv6 not supported in the Data ONTAP 8.0 release family" on

page 74

Certificates signed with MD5 could cause loss of connectivity to secure

clients

To enhance security, starting with Data ONTAP 8.0.2, Data ONTAP uses the

SHA256 message-digest algorithm to sign the contents of digital certificates

(including certificate signing requests (CSRs) and root certificates) on the

storage system. Use of the MD5 message-digest algorithm, which was used to

sign CSRs and root certificates, is no longer officially supported.

Depending on the certificate depth verification, clients might need to use

SHA256 to verify digital certificates presented by Data ONTAP 8.0.2 and later.

Data ONTAP 8.0 and 8.0.1 use the MD5 message-digest algorithm to sign

digital certificates. Due to the CVE-2004-2761-IETF X.509 certificate MD5

signature collision vulnerability, and to minimize security risks when using a

certificate signed with MD5, you should have the CSRs further signed by a

certificate authority (CA) using SHA256 or SHA1.

If you need to boot the storage system from a Data ONTAP image stored

on a remote server

In Data ONTAP 8.0 and later release families, netboot is not a supported

function, unless you are restoring the Data ONTAP image on the boot device,

such as a PC CompactFlash card. If you need to boot the storage system from

a Data ONTAP image stored on a remote server, contact technical support.

For information about how to replace a PC CompactFlash card or boot device,

or how to restore the Data ONTAP image on the card, see the Hardware and

Service Guide that is applicable to your storage system model.

Important cautions

Table of Contents

Manageability Cautions; Certificates Signed With Md5 Could Cause Loss Of Connectivity To Secure Clients; If You Need To Boot The Storage System From A Data Ontap Image Stored On A Remote Server - IBM N Series Manual

Manageability cautions

Related Manuals for IBM N Series

Related Content for IBM N Series

Table of Contents