chsystemcertstore

Use the chsystemcertstore command to manage the Secure Sockets Layer (SSL) certificates associated with the specific use cases configured on the system.

Syntax

Read syntax diagramSkip visual syntax diagramchsystemcertstore-install-scopedefaultkeyserver-file<input cert file pathname>
Read syntax diagramSkip visual syntax diagramchsystemcertstore-export-scopedefaultinternal_communicationkeyserver
Read syntax diagramSkip visual syntax diagramchsystemcertstore-exportrootca-scopedefaultinternal_communicationkeyserver
Read syntax diagramSkip visual syntax diagramchsystemcertstore-autorenewyesno-scopedefaultinternal_communicationkeyserver
Read syntax diagramSkip visual syntax diagramchsystemcertstore-cancel-scopedefaultkeyserver

Parameters

-cancel
(Optional) Cancel the certificate signing request to the external certificate authority that is currently in progress.
-scope default | keyserver
(Optional) Specifies the use case scope for which this certificate is generated. Value can be default , or keyserver.
-autorenew yes | no
(Optional) Turns automatic renewal on or off. When turned on, the system certificate will be renewed automatically 30 days before it expires. The -autorenew option is only supported when the certificate is signed by the system's root certificate authority. The default value when using an internally signed certificate is yes.
-install
(Optional) Specifies the installing of certificate.
-file input_file_pathname
(Optional) Specifies the absolute path name of the certificate to install.
-export
(Optional) Exports the full chain of installed SSL certificates. For the default certificates, the certificate is exported to /dumps/certificate.pem. For all other scope certificates, the certificate is exported to the /dumps/system_certificate_slot_<scopeid>.pem file on the configuration node.
-exportrootcacert
(Optional) Exports the Root CA certificate from the installed SSL certificate chain.

For default certificate, the certificate is exported to /dumps/rootcacertificate.pem. For all other scope certificates, the certificate is exported to the /dumps/system_rootcacertificate_slot_<scopeid>.pem file on the configuration node.

Description

Use this command to manage the SSL certificate associated with the specific use cases configured on the system.

The command can be used for the following items:
  • Install an externally signed certificate for the use case.
  • Export the full chain of installed certificates for the use case.
  • Export the installed SSL Root CA certificate for the use case.
  • Cancel an outstanding CSR for the use case
  • Configure autorenewal for the use case.
  • Important: You must specify one of the following parameters:
    • -install
    • -export
    • -exportrootca
    • -cancel
    • -autorenew

An invocation example

The following example shows installing an externally signed certificate for the key server use case:

svctask chsystemcertstore -install -scope keyserver -file /dumps/keyserver.pem

The resulting output

No feedback.