questions about the certificate renew in ontap cluster.

Hi 

we get error messages as below:

This message occurs when a digital certificate for a Vserver is about to expire. Client-server communication will not be secure if the certificate expires.

Install a new digital certificate on the system using the 'security certificate create' or 'security certificate install' command.

[version]

ontap cluster mode
OS Version: 9.8P5

[my analysis]

I found some Self-Signed SSL certificate will expire,and i recommend the below KB.
---------------
How to renew a Self-Signed SSL certificate in ONTAP 9
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_renew_a_Self-Signed_SSL_certificate_in_ONTAP_9.10.0_and_earlier
---------------

but the user also stated that they have other certificates will Expiration.
and would like to know how to review it .

it seems that the below certificate is not a Self-Signed SSL certificate,

Q1:could you please provide information how to determine if it's a Self-Signed SSL certificate or a CA certificate ?
Q2:Could you please share detall info how to renew the CA certificate.

the example is as blow:

------------------
Certificate Authority: Staat der Nederlanden EV Root CA 　 Expiration Date: Thu Dec 8 20:10:28 2022 　 12月8日
------------------

-------------------------------------------------
SUP3000::> security certificate show -instance -vserver SUP3000 -cert-name StaatderNederlandenEVRootCA
Vserver: SUP3000:
Certificate Name: StaatderNederlandenEVRootCA
FQDN or Custom Common Name: StaatderNederlandenEVRootCA
Serial Number of Certificate: 98968D
Certificate Authority: Staat der Nederlanden EV Root CA
Type of Certificate: server-ca
Size of Requested Certificate(bits): 4096
Certificate Start Date: Wed Dec 08 20:19:29 2010
Certificate Expiration Date: Thu Dec 08 20:10:28 2022
Public Key Certificate: -----BEGIN CERTIFICATE-----
MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJOTDEeMBwGA1UE
CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
SzrSM4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nCUiY4iKTW
O0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3dZ//BYY1jTw+bbRcwJu+r
eUN51q1veieQA6TqJIc/2b3Z6fJfUEkc7uzXLg==
-----END CERTIFICATE-----
Country Name (2 letter code): NL
State or Province Name (full name):
Locality Name (e.g. city):
Organization Name (e.g. company): Staat der Nederlanden
Organization Unit (e.g. section): Staat der Nederlanden
Email Address (Contact Name):
Protocol: SSL
Hashing Function: SHA256
Subtype: -
=====================================================

SUP3000:::> security certificate show
Vserver Serial Number Certificate Name Type
---------- --------------- -------------------------------------- ------------

SUP3000:
98968D StaatderNederlandenEVRootCA server-ca
Certificate Authority: Staat der Nederlanden EV Root CA
Expiration Date: Thu Dec 08 20:10:28 2022
=====================================================

Thanks and regards

terry