chsystemcert

Use the chsystemcert command to manage the Secure Sockets Layer (SSL) certificate that is installed on a clustered system (system).

Syntax


>>- chsystemcert -- --+-----------------+-- -------------------->
                      '- -mkselfsigned -'      

>--+---------------------+-- --+-----------------+-- ----------->
   '- -country --country-'     '- -state --state-'      

>--+-----------------------+-- --+----------------------+-- ---->
   '- -locality --locality-'     '- -org --organization-'      

>--+------------------------------+-- --+-----------------+----->
   '- -orgunit --organizationunit-'     '- -email --email-'   

>-- --+---------------------------+-- -------------------------->
      '- -commonname --commonname-'      

>--+---------------------+-- --+-------------------+-- --------><
   '- -keytype --keytype-'     '- -validity --days-'


>>- chsystemcert -- --+--------------+-- ----------------------->
                      '- -mkrequest -'      

>-- -country --country-- -- -state --state-- ------------------->

>-- -locality --locality-- -- -org --organization-- ------------>

>-- -orgunit --organizationunit-- -- -email --email-- ---------->

>-- -commonname --commonname-- --+---------------------+-- ----->
                                 '- -keytype --keytype-'      

>--+----------+-- ---------------------------------------------><
   '- -force -'


>>- chsystemcert -- --+------------+-- ------------------------->
                      '- -install -'      

>--+------------------------------+-- -------------------------><
   '- -file --input_file_pathname-'


>>- chsystemcert -- --+-----------+-- -------------------------><
                      '- -export -'

Parameters

-mkselfsigned

(Optional) Generates a self-signed SSL certificate. (If you do not specify -mkselfsigned you must specify -mkrequest, -export, or -install.)

-mkrequest

(Optional) Generates a certificate request. (If you do not specify -mkrequest you must specify -mkselfsigned, -export, or -install.)

-country country

(Optional for -mkselfsigned and required for -mkrequest) Specifies the 2-digit country code for the self-signed certificate or certificate request.

-state state

(Optional for -mkselfsigned and required for -mkrequest) Specifies the state information for the self-signed certificate or certificate request. The value can be an ASCII string from 0 - 128 characters.

-locality locality

(Optional for -mkselfsigned and required for -mkrequest) Specifies the locality information for the self-signed certificate or certificate request. The value can be an ASCII string from 0 - 128 characters.

-org organization

(Optional for -mkselfsigned and required for -mkrequest) Specifies the organization information for the SSL certificate. The value can be an ASCII string from 0 - 64 characters.

-orgunit organizationunit

(Optional for -mkselfsigned and required for -mkrequest) Specifies the organization unit information for the SSL certificate. The value can be an ASCII string from 0 - 64 characters.

-email email

(Optional for -mkselfsigned and required for -mkrequest) Specifies the email address that is used in the SSL certificate. The value can be an ASCII string from 0 - 64 characters.

-commonname commonname

(Optional for -mkselfsigned and required for -mkrequest) Specifies the common name for the SSL certificate. The value can be an ASCII string of 0 - 64 characters.

-validity days

(Optional) Specifies the number of days (1-9000) that the self-signed certificate is valid.

-keytype keytpye

(Optional) Specifies the SSL certificate key type. The supported key types are:

rsa2048
ecdsa384
ecdsa521

-install

(Optional) Installs a certificate. (If you do not specify -install you must specify -mkselfsigned, -mkrequest, or -export.)

-file

(Optional) Specifies the absolute path name of the certificate to install.

-export

(Optional) Exports the current SSL certificate. The certificate is exported to the /dumps/certificate.pem directory on the configuration node. (If you do not specify -export you must specify -mkselfsigned, -mkrequest, or -install.)

-force

(Optional) Specifies that the certificate request can be deleted.

Description

Use this command to manage the SSL certificate that is installed on a system. You can also

Generate a new self-signed SSL certificate
Create a certificate request to be copied from the system and signed by a certificate authority (CA)
Note: The signed certificate that is returned by the CA can be installed.
Export the current SSL certificate (for example to allow the certificate to be imported into a key server)

Important: You must specify one of the following parameters:

-mkselfsigned
-mkrequest
-install
-export

An invocation example to create a self-signed certificate

chsystemcert -mkselfsigned

The detailed resulting output:

No feedback

An invocation example to create a self-signed certificate with a common name

chsystemcert -mkselfsigned -commonname weiland.snpp.com

The detailed resulting output:

No feedback

An invocation example to create a self-signed certificate with a key type and a 1-year validity period

chsystemcert -mkselfsigned -keytype ecdsa521 -validity 365

The detailed resulting output:

No feedback