Use the chsystemcert command to manage the Secure Sockets Layer (SSL)
certificate that is installed on a clustered system (system).
Syntax
chsystemcert [ -mkselfsigned ] [ -country country ] [ -state state ] [ -locality locality ] [ -org organization ] [ -orgunit organizationunit ] [ -email email ] [ -commonname commonname ] [ -keytype keytype ] [ -validity days ]
chsystemcert [ -mkrequest ] -country country -state state -locality locality -org organization -orgunit organizationunit -email email -commonname commonname [ -keytype keytype ] [ -force ]
chsystemcert [ -install ] [ -file input_file_pathname ]
chsystemcert [ -export ]
Parameters
- -mkselfsigned
- (Optional) Generates a self-signed SSL certificate. If you do not specify
-mkselfsigned, you must specify -mkrequest,
-export, or -install.
- -mkrequest
- (Optional) Generates a certificate request. If you do not specify
-mkrequest, you must specify -mkselfsigned,
-export, or -install.
- -countrycountry
- (Optional for -mkselfsigned and required for
-mkrequest) Specifies the 2-digit country code for the self-signed
certificate or certificate request.
- -statestate
- (Optional for -mkselfsigned and required for
-mkrequest) Specifies the state information for the self-signed
certificate or certificate request. The value can be an ASCII string from 0 -
128 characters.
- -localitylocality
- (Optional for -mkselfsigned and required for
-mkrequest) Specifies the locality information for the self-signed
certificate or certificate request. The value can be an ASCII string in the range 0 - 128
characters.
- -orgorganization
- (Optional for -mkselfsigned and required for
-mkrequest) Specifies the organization information for the SSL
certificate. The value can be an ASCII string in the range 0 - 64 characters.
- -orgunitorganizationunit
- (Optional for -mkselfsigned and required for
-mkrequest) Specifies the organization unit information for the SSL
certificate. The value can be an ASCII string in the range 0 - 64 characters.
- -emailemail
- (Optional for -mkselfsigned and required for
-mkrequest) Specifies the email address that is used in the SSL
certificate. The value can be an ASCII string in the range 0 - 64 characters.
- -commonnamecommonname
- (Optional for -mkselfsigned and required for
-mkrequest) Specifies the common name for the SSL certificate. The value
can be an ASCII string of 0 - 64 characters.
- -validitydays
- (Optional) Specifies the number of days (1-9000) that the
self-signed certificate is valid.
- -keytypekeytpye
- (Optional) Specifies the SSL certificate key type. The supported key types are:
- rsa2048
- ecdsa384
- ecdsa521
- -install
- (Optional) Installs a certificate. If you do not specify -install, you
must specify -mkselfsigned, -mkrequest, or
-export.
- -file
- (Optional) Specifies the absolute path name of the certificate to install.
- -export
- (Optional) Exports the current SSL certificate. The certificate is exported to the
/dumps/certificate.pem directory on the configuration node. If you do
not specify -export, you must specify -mkselfsigned,
-mkrequest, or -install.
- -force
- (Optional) Specifies that the certificate request can be deleted.
Description
Use this command to manage the SSL certificate that is installed on a system. You can also do the
following items.
Important: You must specify one of the following parameters:
- -mkselfsigned
- -mkrequest
- -install
- -export
An invocation example to create a self-signed
certificate
chsystemcert -mkselfsigned
The detailed resulting
output:
No feedback
An invocation example to create a self-signed certificate with a common
name
chsystemcert -mkselfsigned -commonname weiland.snpp.com
The
detailed resulting output:
No feedback
An invocation example to create a self-signed certificate with a key type and a
1-year validity
period
chsystemcert -mkselfsigned -keytype ecdsa521 -validity 365
The
detailed resulting output:
No feedback