ONTAP 9.12.1 commands

  • security certificate generate-csr

    Generate a Digital Certificate Signing Request

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command generates a digital certificate signing request and displays it on the console. A certificate signing request (CSR or certification request) is a message sent to a certificate authority (CA) to apply for a digital identity certificate.

    Parameters

    [-common-name <text>] - FQDN or Custom Common Name

    This specifies the desired certificate name as a fully qualified domain name (FQDN) or custom common name or the name of a person. The supported characters, which are a subset of the ASCII character set, are as follows:

    • Letters a through z, A through Z

    • Numbers 0 through 9

    • Asterisk (*), period (.), underscore (_) and hyphen (-)

    The common name must not start or end with a "-" or a ".". The maximum length is 253 characters.

    { [-size <size of requested certificate in bits>] - (DEPRECATED)-Size of Requested Certificate in Bits

    This specifies the number of bits in the private key. A larger size value provides for a more secure key. The default is 2048. Possible values include 512, 1024, 1536, and 2048.

    This parameter has been deprecated in ONTAP 9.8 and may be removed in future releases of Data ONTAP. Use the security-strength parameter instead.

    | [-security-strength <bits of security strength>] - Security Strength in Bits }

    Use this parameter to specify the minimum security strength of the certificate in bits. The security bits mapping to RSA and ECDSA key length, in bits, are as follows:

        Security Strength    RSA Key Length    Elliptic Curve Key Length
        112                  2048              224
        128                  3072              256
        192                  4096              384

    Note: FIPS supported values are restricted to 112 and 128.

    [-algorithm <Asymmetric key generation algorithm>] - Asymmetric Encryption Algorithm

    Use this parameter to specify the asymmetric encryption algorithm to use for generating the public/private key pair for the certificate signing request. Algorithm values can be RSA or EC. The default value is RSA.

    [-country <text>] - Country Name

    This specifies the country where the Vserver resides. The country name is a two-letter code. The default is US.

    [-state <text>] - State or Province Name

    This specifies the state or province where the Vserver resides.

    [-locality <text>] - Locality Name

    This specifies the locality where the Vserver resides. For example, the name of a city.

    [-organization <text>] - Organization Name

    This specifies the organization where the Vserver resides. For example, the name of a company.

    [-unit <text>] - Organization Unit

    This specifies the unit where the Vserver resides. For example, the name of a section or a department within a company.

    [-email-addr <mail address>] - Contact Administrator’s Email Address

    This specifies the email address of the contact administrator for the Vserver.

    [-hash-function <hashing function>] - Hashing Function

    This specifies the cryptographic hashing function for signing the certificate. The default is SHA256. Possible values include SHA224, SHA256, SHA384, and SHA512.

    [-key-usage <Certificate key usage extension>,…​] - Key Usage Extension

    Use this parameter to specify the key usage extension values. The default values are: digitalSignature, keyEncipherment. Possible values include:

    • digitalSignature

    • nonRepudiation

    • keyEncipherment

    • dataEncipherment

    • keyAgreement

    • keyCertSigning

    • cRLSigning

    • encipherOnly

    • decipherOnly

    [-extended-key-usage <Certificate extKeyUsage extension>,…​] - Extended Key Usage Extension

    Use this parameter to specify the extended key usage extension values. The default values are: serverAuth, clientAuth. Possible values include:

    • serverAuth

    • clientAuth

    • codeSigning

    • emailProtection

    • timeStamping

    • OCSPSigning

    [-rfc822-name <mail address>,…​] - Email Address SAN

    Use this parameter to specify the Subject Alternate Name extension - a list of rfc822-names (email addresses).

    [-uri <text>,…​] - URI SAN

    Use this parameter to specify the Subject Alternate Name extension - a list of URIs.

    [-dns-name <text>,…​] - DNS Name SAN

    Use this parameter to specify the Subject Alternate Name extension - a list of DNS names.

    [-ipaddr <IP Address>,…​] - IP Address SAN

    Use this parameter to specify the Subject Alternate Name extension - a list of IP addresses.
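
    A pre-flight check of the constraints listed above (common-name characters and length, the security-strength table, the FIPS note and the hash list), written as an added example and not NetApp code. The function name and the `fips` flag are hypothetical; `fips` is set by the caller and is not an ONTAP parameter.

```python
import re

# Security strength -> key length in bits, copied from the table on this page.
KEY_BITS = {
    112: {"RSA": 2048, "EC": 224},
    128: {"RSA": 3072, "EC": 256},
    192: {"RSA": 4096, "EC": 384},
}
FIPS_STRENGTHS = {112, 128}                  # "FIPS supported values" note
HASHES = {"SHA224", "SHA256", "SHA384", "SHA512"}
CN_CHARS = re.compile(r"[A-Za-z0-9*._-]+")   # supported -common-name characters


def check_csr_args(common_name, strength, algorithm="RSA",
                   hash_function="SHA256", fips=False):
    """Return (key_bits, problems) for a planned generate-csr invocation.

    `fips` is a hypothetical flag the caller sets when the request must stay
    within the FIPS-supported strengths; it is not an ONTAP parameter.
    """
    problems = []
    if len(common_name) > 253:
        problems.append("common name longer than 253 characters")
    elif not CN_CHARS.fullmatch(common_name):
        problems.append("common name is empty or has unsupported characters")
    elif common_name[0] in "-." or common_name[-1] in "-.":
        problems.append('common name starts or ends with "-" or "."')

    key_bits = KEY_BITS.get(strength, {}).get(algorithm)
    if key_bits is None:
        problems.append("unknown security strength or algorithm")
    elif fips and strength not in FIPS_STRENGTHS:
        problems.append("security strength not supported under FIPS")

    if hash_function not in HASHES:
        problems.append("unsupported hash function")
    return key_bits, problems


if __name__ == "__main__":
    # Arguments from the page's example: RSA at strength 128 maps to 3072 bits.
    print(check_csr_args("www.example.com", 128))
    # Constructed bad input: leading hyphen, strength outside the FIPS set.
    print(check_csr_args("-nas.example.com", 192, "EC", fips=True))
```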

    Examples

    This example creates a certificate-signing request with a 2048-bit RSA private key, signed using the SHA256 hashing function, for use by the Engineering group in IT at a company whose custom common name is www.example.com, located in Durham, NC, USA. The email address of the contact administrator who manages the Vserver is web@example.com. The request also specifies the subject alternative names, key-usage and extended-key-usage extensions.

    cluster-1::> security certificate generate-csr -common-name www.example.com -algorithm RSA -hash-function SHA256 -security-strength 128 -key-usage critical,digitalSignature,keyEncipherment -extended-key-usage serverAuth,clientAuth -country US -state NC -locality Durham -organization IT -unit Engineering -email-addr web@example.com -rfc822-name example@example.com -dns-name shop.example.com,store.example.com
    
    Certificate Signing Request :
    -----BEGIN CERTIFICATE REQUEST-----
    -----END CERTIFICATE REQUEST-----
    
    Private Key :
    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----
    
    Note: Please keep a copy of your certificate request and private key for future
    reference.
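
    Because the command prints the private key to the console next to the request, the captured output has to be split and the key stored with restrictive permissions. The following is an added example, not NetApp code: it assumes the console text was captured into a string, and the file names, function names and the constructed sample (placeholder base64 bodies) are hypothetical.

```python
import os
import re
import tempfile

# One PEM block as printed by the command; leading indentation is tolerated.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\s*\n"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)"
    r"-----END (?P=label)-----")

# Constructed sample output; the base64 bodies are placeholders, not real keys.
SAMPLE = """
    Certificate Signing Request :
    -----BEGIN CERTIFICATE REQUEST-----
    Q09OU1RSVUNURUQtQ1NSLVBMQUNFSE9MREVS
    -----END CERTIFICATE REQUEST-----

    Private Key :
    -----BEGIN PRIVATE KEY-----
    Q09OU1RSVUNURUQtS0VZLVBMQUNFSE9MREVS
    -----END PRIVATE KEY-----
"""


def split_output(console_text):
    """Return {label: normalized PEM text} for each block in the output."""
    blocks = {}
    for m in PEM_BLOCK.finditer(console_text):
        label = m.group("label")
        body = [ln.strip() for ln in m.group("body").splitlines() if ln.strip()]
        pem = [f"-----BEGIN {label}-----", *body, f"-----END {label}-----"]
        blocks[label] = "\n".join(pem) + "\n"
    return blocks


def save_csr_and_key(console_text, directory, name):
    """Write <name>.csr and <name>.key; the key file is created with 0600."""
    blocks = split_output(console_text)
    csr, key = blocks["CERTIFICATE REQUEST"], blocks["PRIVATE KEY"]
    csr_path = os.path.join(directory, name + ".csr")
    key_path = os.path.join(directory, name + ".key")
    # O_EXCL refuses to overwrite an existing key; the mode applies at creation.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key)
    with open(csr_path, "w") as fh:
        fh.write(csr)
    return csr_path, key_path
```

    Only the `.csr` file goes to the certificate authority; terminal scrollback and session logs that captured the same output still contain the key.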