ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security certificate show-truststore

    Display default truststore certificates

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command displays information about the default CA certificates that come pre-installed with Data ONTAP. Some details are displayed only when you use the command with the -instance parameter.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    [-vserver <Vserver Name>] - Name of Vserver

    Selects the Vserver whose digital certificates you want to display.

    [-common-name <FQDN or Custom Common Name>] - FQDN or Custom Common Name

    Selects the certificates that match this parameter value.

    [-serial <text>] - Serial Number of Certificate

    Selects the certificates that match this parameter value.

    [-ca <text>] - Certificate Authority

    Selects the certificates that match this parameter value.

    [-type <type of certificate>] - Type of Certificate

    Selects the certificates that match this parameter value.

    [-subtype <kmip-cert>] - (DEPRECATED)-Certificate Subtype
    This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of Data ONTAP.
    Selects the certificate subtype that matches the specified value. The valid values are as follows:
    • kmip-cert - this is a Key Management Interoperability Protocol (KMIP) certificate

    [-cert-name <text>] - Unique Certificate Name

    This specifies the system’s internal identifier for the certificate. It is unique within a Vserver.

    [-size <size of requested certificate in bits>] - Size of Requested Certificate in Bits

    Selects the certificates that match this parameter value.

    [-start <Date>] - Certificate Start Date

    Selects the certificates that match this parameter value.

    [-expiration <Date>] - Certificate Expiration Date

    Selects the certificates that match this parameter value.

    [-public-cert <certificate>] - Public Key Certificate

    Selects the certificates that match this parameter value.

    [-country <text>] - Country Name

    Selects the certificates that match this parameter value.

    [-state <text>] - State or Province Name

    Selects the certificates that match this parameter value.

    [-locality <text>] - Locality Name

    Selects the certificates that match this parameter value.

    [-organization <text>] - Organization Name

    Selects the certificates that match this parameter value.

    [-unit <text>] - Organization Unit

    Selects the certificates that match this parameter value.

    [-email-addr <mail address>] - Contact Administrator’s Email Address

    Selects the certificates that match this parameter value.

    [-protocol <protocol>] - Protocol

    Selects the certificates that match this parameter value.

    [-hash-function <hashing function>] - Hashing Function

    Selects the certificates that match this parameter value.

    [-self-signed {true|false}] - Self-Signed Certificate

    Selects the certificates that match this parameter value.

    [-is-root {true|false}] - Is Root CA Certificate?

    Selects the certificates that match this parameter value.

    [-authority-key-identifier <text>] - Authority Key Identifier

    Selects the certificates that match this parameter value.

    [-subject-key-identifier <text>] - Subject Key Identifier

    Selects the certificates that match this parameter value.

    Examples

    The examples below display information about the pre-installed truststore digital certificates.

    cluster1::> security certificate show-truststore
    
    Vserver    Serial Number   Certificate Name                          Type
    ---------- --------------- ----------------------------------------- ---------
    vs0        4F4E4D7B         www.example.com         server-ca
        Certificate Authority:  www.example.com
              Expiration Date: Thu Feb 28 16:08:28 2013
    cluster1::> security certificate show-truststore -instance
                                 Vserver: vs0
                        Certificate Name:  www.example.com
              FQDN or Custom Common Name:  www.example.com
            Serial Number of Certificate: 4F4E4D7B
                   Certificate Authority:  www.example.com
                     Type of Certificate: server-ca
     Size of Requested Certificate(bits): 2048
                  Certificate Start Date: Fri Apr 30 14:14:46 2010
             Certificate Expiration Date: Sat Apr 30 14:14:46 2011
                  Public Key Certificate: -----BEGIN CERTIFICATE-----
                                          MIIDfTCCAmWgAwIBAwIBADANBgkqhkiG9w0BAQsFADBgMRQwEgYDVQQDEwtsYWIu
                                          YWJjLmNvbTELMAkGA1UEBhMCVVMxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD
                                          VQQKEwAxCTAHBgNVBAsTADEPMA0GCSqGSIb3DQEJARYAMB4XDTEwMDQzMDE4MTQ0
                                          BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCVG7dYGe51akE14ecaCdL+LOAxUMA0G
                                          CSqGSIb3DQEBCwUAA4IBAQBJlE51pkDY3ZpsSrQeMOoWLteIR+1H0wKZOM1Bhy6Q
                                          +gsE3XEtnN07AE4npjIT0eVP0nI9QIJAbP0uPKaCGAVBSBMoM2mOwbfswI7aJoEh
                                          +XuEoNr0GOz+mltnfhgvl1fT6Ms+xzd3LGZYQTworus2
                                          -----END CERTIFICATE-----
            Country Name (2 letter code): US
      State or Province Name (full name): California
               Locality Name (e.g. city): Sunnyvale
        Organization Name (e.g. company): example
        Organization Unit (e.g. section): IT
            Email Address (Contact Name):  web@example.com
                                Protocol: SSL
                        Hashing Function: SHA256
    Top of Page