ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security certificate show-user-installed

    Display user installed certificates

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command displays information about the user installed digital certificates. Some details are displayed only when you use the command with the -instance parameter. In systems upgraded, existing Data ONTAP generated certificates will also be shown as part of this command.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    [-vserver <Vserver Name>] - Name of Vserver

    Selects the Vserver whose digital certificates you want to display.

    [-common-name <FQDN or Custom Common Name>] - FQDN or Custom Common Name

    Selects the certificates that match this parameter value.

    [-serial <text>] - Serial Number of Certificate

    Selects the certificates that match this parameter value.

    [-ca <text>] - Certificate Authority

    Selects the certificates that match this parameter value.

    [-type <type of certificate>] - Type of Certificate

    Selects the certificates that match this parameter value.

    [-subtype <kmip-cert>] - (DEPRECATED)-Certificate Subtype
    This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of Data ONTAP.
    Selects the certificate subtype that matches the specified value. The valid values are as follows:
    • kmip-cert - this is a Key Management Interoperability Protocol (KMIP) certificate

    [-cert-name <text>] - Unique Certificate Name

    This specifies the system’s internal identifier for the certificate. It is unique within a Vserver.

    [-size <size of requested certificate in bits>] - Size of Requested Certificate in Bits

    Selects the certificates that match this parameter value.

    [-start <Date>] - Certificate Start Date

    Selects the certificates that match this parameter value.

    [-expiration <Date>] - Certificate Expiration Date

    Selects the certificates that match this parameter value.

    [-public-cert <certificate>] - Public Key Certificate

    Selects the certificates that match this parameter value.

    [-country <text>] - Country Name

    Selects the certificates that match this parameter value.

    [-state <text>] - State or Province Name

    Selects the certificates that match this parameter value.

    [-locality <text>] - Locality Name

    Selects the certificates that match this parameter value.

    [-organization <text>] - Organization Name

    Selects the certificates that match this parameter value.

    [-unit <text>] - Organization Unit

    Selects the certificates that match this parameter value.

    [-email-addr <mail address>] - Contact Administrator’s Email Address

    Selects the certificates that match this parameter value.

    [-protocol <protocol>] - Protocol

    Selects the certificates that match this parameter value.

    [-hash-function <hashing function>] - Hashing Function

    Selects the certificates that match this parameter value.

    [-self-signed {true|false}] - Self-Signed Certificate

    Selects the certificates that match this parameter value.

    [-is-root {true|false}] - Is Root CA Certificate?

    Selects the certificates that match this parameter value.

    [-authority-key-identifier <text>] - Authority Key Identifier

    Selects the certificates that match this parameter value.

    [-subject-key-identifier <text>] - Subject Key Identifier

    Selects the certificates that match this parameter value.

    Examples

    The examples below display information about user installed digital certificates.

    cluster1::> security certificate show-user-installed
    
    Vserver    Serial Number   Certificate Name                          Type
    ---------- --------------- ----------------------------------------- ---------
    vs0        4F4E4D7B         www.example.com         server
        Certificate Authority:  www.example.com
              Expiration Date: Thu Feb 28 16:08:28 2013
    cluster1::> security certificate show-user-installed -instance
                                 Vserver: vs0
                        Certificate Name:  www.example.com
              FQDN or Custom Common Name:  www.example.com
            Serial Number of Certificate: 4F4E4D7B
                   Certificate Authority:  www.example.com
                     Type of Certificate: server
     Size of Requested Certificate(bits): 2048
                  Certificate Start Date: Fri Apr 30 14:14:46 2010
             Certificate Expiration Date: Sat Apr 30 14:14:46 2011
                  Public Key Certificate: -----BEGIN CERTIFICATE-----
                                          MIIDfTCCAmWgAwIBAwIBADANBgkqhkiG9w0BAQsFADBgMRQwEgYDVQQDEwtsYWIu
                                          YWJjLmNvbTELMAkGA1UEBhMCVVMxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD
                                          VQQKEwAxCTAHBgNVBAsTADEPMA0GCSqGSIb3DQEJARYAMB4XDTEwMDQzMDE4MTQ0
                                          BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCVG7dYGe51akE14ecaCdL+LOAxUMA0G
                                          CSqGSIb3DQEBCwUAA4IBAQBJlE51pkDY3ZpsSrQeMOoWLteIR+1H0wKZOM1Bhy6Q
                                          +gsE3XEtnN07AE4npjIT0eVP0nI9QIJAbP0uPKaCGAVBSBMoM2mOwbfswI7aJoEh
                                          +XuEoNr0GOz+mltnfhgvl1fT6Ms+xzd3LGZYQTworus2
                                          -----END CERTIFICATE-----
            Country Name (2 letter code): US
      State or Province Name (full name): California
               Locality Name (e.g. city): Sunnyvale
        Organization Name (e.g. company): example
        Organization Unit (e.g. section): IT
            Email Address (Contact Name):  web@example.com
                                Protocol: SSL
                        Hashing Function: SHA256
    Top of Page