ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security certificate config modify

    Modify the certificate management configurations

    Availability: This command is available to cluster administrators at the advanced privilege level.

    Description

    This command modifies the certificate management configuration information for the cluster.

    Parameters

    [-min-security-strength <bits of security strength>] - Minimum Security Strength

    Use this parameter to modify the allowed minimum security strength for certificates. The security bits mapping to RSA and ECDSA key length are as follows:

                Security Bits   Asymmetric Key Length   Elliptic Curve Key Length
                112	            2048	                224
                128	            3072	                256
                192	            4096	                384
    FIPS supported values are restricted to 112 and 128.

    +
    NOTE: This does not affect root CA certificates.

    +

    [-expiration-warn-threshold <integer>] - Minimum Days to EMS for Expiring Certificates

    Use this parameter to modify the number of days prior to certificate expiration the system sends a warning EMS event.

    Examples

    The following example modifies the minimum security strength allowed for certificates.

    cluster-1::> security certificate config modify -min-security-strength 192
    Top of Page