#cl1 is my clustername. Yours may be different
#run openssl on the client to generate test.key and test.pem for cert_user

openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout test.key -out test.pem -subj "/C=US/ST=NC/L=RTP/O=NetApp/CN=cert_user"

#in clustershell on ONTAP:
#Take the ./test.pem content and paste it into the request.

security certificate install -type client-ca -vserver cl1

Press ENTER.

#In ONTAP, define the user ID for http access:

security login create -user-or-group-name cert_user -application http -authmethod cert -role admin -vserver cl1

#On your Linux client, run the following command that produces the ONTAP version as output:

curl -k --cert-type PEM --cert ./test.pem --key-type PEM --key ./test.key -X GET "https://cl1/api/cluster?fields=version"