Use the chsystemcert command to manage
the Secure Sockets Layer (SSL) certificate that is installed on a
clustered system (system).
Syntax
chsystemcert [ -mkselfsigned ] [ -countrycountry ] [ -statestate ] [ -localitylocality ] [ -orgorganization ] [ -orgunitorganizationunit ] [ -emailemail ] [ -commonnamecommonname ] [ -keytypekeytype ] [ -validitydays ]
chsystemcert [ -mkrequest ] -countrycountry -statestate -localitylocality -orgorganization -orgunitorganizationunit -emailemail -commonnamecommonname [ -keytypekeytype ] [ -force ]
chsystemcert [ -install ] [ -fileinput_file_pathname ]
chsystemcert [ -export ]
Parameters
- -mkselfsigned
- (Optional) Generates a self-signed SSL certificate. (If you do not specify
-mkselfsigned you must specify -mkrequest,
-export, or -install.)
- -mkrequest
- (Optional) Generates a certificate request. (If you do not specify -mkrequest
you must specify -mkselfsigned, -export, or
-install.)
- -countrycountry
- (Optional for -mkselfsigned and required for -mkrequest)
Specifies the 2-digit country code for the self-signed certificate or certificate request.
- -statestate
- (Optional for -mkselfsigned and required for -mkrequest)
Specifies the state information for the self-signed certificate or certificate request. The value
can be an ASCII string from 0 - 128 characters.
- -localitylocality
- (Optional for -mkselfsigned and required for -mkrequest)
Specifies the locality information for the self-signed certificate or certificate request. The value
can be an ASCII string from 0 - 128 characters.
- -orgorganization
- (Optional for -mkselfsigned and required for -mkrequest)
Specifies the organization information for the SSL certificate. The value can be an ASCII string
from 0 - 64 characters.
- -orgunitorganizationunit
- (Optional for -mkselfsigned and required for -mkrequest)
Specifies the organization unit information for the SSL certificate. The value can be an ASCII
string from 0 - 64 characters.
- -emailemail
- (Optional for -mkselfsigned and required for -mkrequest)
Specifies the email address that is used in the SSL certificate. The value can be an ASCII string
from 0 - 64 characters.
- -commonnamecommonname
- (Optional for -mkselfsigned and required for -mkrequest)
Specifies the common name for the SSL certificate. The value can be an ASCII string of 0 - 64
characters.
- -validitydays
- (Optional) Specifies the number of days (1-9000) that the
self-signed certificate is valid.
- -keytypekeytpye
- (Optional) Specifies the SSL certificate key type. The supported key types are:
- rsa2048
- ecdsa384
- ecdsa521
- -install
- (Optional) Installs a certificate. (If you do not specify -install you must
specify -mkselfsigned, -mkrequest, or
-export.)
- -file
- (Optional) Specifies the absolute path name of the certificate to install.
- -export
- (Optional) Exports the current SSL certificate. The certificate is exported to the
/dumps/certificate.pem directory on the configuration node. (If you do not
specify -export you must specify -mkselfsigned,
-mkrequest, or -install.)
- -force
- (Optional) Specifies that the certificate request can be deleted.
Description
Use
this command to manage the SSL certificate that is installed on a
system. You can also
Important: You must specify one of the following
parameters:
- -mkselfsigned
- -mkrequest
- -install
- -export
An invocation example to create a self-signed certificate
chsystemcert -mkselfsigned
The
detailed resulting output:
No feedback
An invocation example to create a self-signed certificate
with a common name
chsystemcert -mkselfsigned -commonname weiland.snpp.com
The
detailed resulting output:
No feedback
An invocation example to create a self-signed certificate
with a key type and a 1-year validity period
chsystemcert -mkselfsigned -keytype ecdsa521 -validity 365
The
detailed resulting output:
No feedback