chsystemcert
Use the chsystemcert command to manage the Secure Sockets Layer (SSL) certificate that is installed on a clustered system (system).
Syntax
>>- chsystemcert -- --+-----------------+-- --------------------> '- -mkselfsigned -' >--+---------------------+-- --+-----------------+-- -----------> '- -country --country-' '- -state --state-' >--+-----------------------+-- --+----------------------+-- ----> '- -locality --locality-' '- -org --organization-' >--+------------------------------+-- --+-----------------+-----> '- -orgunit --organizationunit-' '- -email --email-' >-- --+---------------------------+-- --------------------------> '- -commonname --commonname-' >--+---------------------+-- --+-------------------+-- -------->< '- -keytype --keytype-' '- -validity --days-'
>>- chsystemcert -- --+--------------+-- -----------------------> '- -mkrequest -' >-- -country --country-- -- -state --state-- -------------------> >-- -locality --locality-- -- -org --organization-- ------------> >-- -orgunit --organizationunit-- -- -email --email-- ----------> >-- -commonname --commonname-- --+---------------------+-- -----> '- -keytype --keytype-' >--+----------+-- --------------------------------------------->< '- -force -'
>>- chsystemcert -- --+------------+-- -------------------------> '- -install -' >--+------------------------------+-- ------------------------->< '- -file --input_file_pathname-'
>>- chsystemcert -- --+-----------+-- ------------------------->< '- -export -'
Parameters
- (Optional) Generates a self-signed SSL certificate. (If you do not specify -mkselfsigned you must specify -mkrequest, -export, or -install.)
- (Optional) Generates a certificate request. (If you do not specify -mkrequest you must specify -mkselfsigned, -export, or -install.)
- (Optional for -mkselfsigned and required for -mkrequest) Specifies the 2-digit country code for the self-signed certificate or certificate request.
- (Optional for -mkselfsigned and required for -mkrequest) Specifies the state information for the self-signed certificate or certificate request. The value can be an ASCII string from 0 - 128 characters.
- (Optional for -mkselfsigned and required for -mkrequest) Specifies the locality information for the self-signed certificate or certificate request. The value can be an ASCII string from 0 - 128 characters.
- (Optional for -mkselfsigned and required for -mkrequest) Specifies the organization information for the SSL certificate. The value can be an ASCII string from 0 - 64 characters.
- (Optional for -mkselfsigned and required for -mkrequest) Specifies the organization unit information for the SSL certificate. The value can be an ASCII string from 0 - 64 characters.
- (Optional for -mkselfsigned and required for -mkrequest) Specifies the email address that is used in the SSL certificate. The value can be an ASCII string from 0 - 64 characters.
- (Optional for -mkselfsigned and required for -mkrequest) Specifies the common name for the SSL certificate. The value can be an ASCII string of 0 - 64 characters.
- (Optional) Specifies the number of days (1-9000) that the self-signed certificate is valid.
- (Optional) Specifies the SSL certificate key type. The supported key types are:
- rsa2048
- ecdsa384
- ecdsa521
- (Optional) Installs a certificate. (If you do not specify -install you must specify -mkselfsigned, -mkrequest, or -export.)
- (Optional) Specifies the absolute path name of the certificate to install.
- (Optional) Exports the current SSL certificate. The certificate is exported to the /dumps/certificate.pem directory on the configuration node. (If you do not specify -export you must specify -mkselfsigned, -mkrequest, or -install.)
- (Optional) Specifies that the certificate request can be deleted.
Description
Use
this command to manage the SSL certificate that is installed on a
system. You can also
- Generate a new self-signed SSL certificate
- Create a certificate request to be copied from the system and
signed by a certificate authority (CA) Note: The signed certificate that is returned by the CA can be installed.
- Export the current SSL certificate (for example to allow the certificate to be imported into a key server)
Important: You must specify one of the following
parameters:
- -mkselfsigned
- -mkrequest
- -install
- -export
An invocation example to create a self-signed certificate
chsystemcert -mkselfsigned
The detailed resulting output:
No feedback
An invocation example to create a self-signed certificate with a common name
chsystemcert -mkselfsigned -commonname weiland.snpp.com
The detailed resulting output:
No feedback
An invocation example to create a self-signed certificate with a key type and a 1-year validity period
chsystemcert -mkselfsigned -keytype ecdsa521 -validity 365
The detailed resulting output:
No feedback