ONTAP 9.12.1 commands

  • security certificate sign

    Sign a Digital Certificate using Self-Signed Root CA

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command signs a digital certificate signing request and generates a certificate using a Self-Signed Root CA certificate in either PEM or PKCS12 format. You can use the security certificate generate-csr command to generate a digital certificate signing request.

    Parameters

    -vserver <Vserver Name> - Name of Vserver

    This specifies the name of the Vserver on which the signed certificate will exist.

    -ca <text> - Certificate Authority to Sign

    This specifies the name of the Certificate Authority that will sign the certificate.

    -ca-serial <text> - Serial Number of CA Certificate

    This specifies the serial number of the Certificate Authority that will sign the certificate.

    [-expire-days <integer>] - Number of Days until Expiration

    This specifies the number of days until the signed certificate expires. The default value is 365 days. Possible values are between 1 and 3652.

    [-format <certificate format>] - Certificate Format

    This specifies the format of the signed certificate. The default value is PEM. Possible values include PEM and PKCS12.

    [-destination {(ftp|http|https)://(hostname|IPv4 Address|'['IPv6 Address']')…​}] - Where to Send File

    This specifies the destination to upload the signed certificate. This option can only be used when the format is PKCS12.

    [-hash-function <hashing function>] - Hashing Function

    This specifies the cryptographic hashing function for the self-signed certificate. The default value is SHA256. Possible values include SHA224, SHA256, SHA384, and SHA512.

    Examples

    This example signs a digital certificate for a Vserver named vs0 using a Certificate Authority certificate that has a ca of www.ca.com and a ca-serial of 4F4EB629 in PEM format using the SHA256 hashing function.

    cluster1::> security certificate sign -vserver vs0 -ca www.ca.com -ca-serial 4F4EB629 -expire-days 36 -format PEM -hash-function SHA256
    
    Please enter Certificate Signing Request(CSR): Press <Enter> when done
    -----BEGIN CERTIFICATE REQUEST-----
    MIIBGjCBxQIBADBgMRQwEgYDVQQDEwtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMx
    CTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADEPMA0G
    CSqGSIb3DQEJARYAMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPXFanNoJApT1nzS
    xOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJbmXuj6U3a1woUsb13wfEvQnHVFNci
    2ninsJ8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA0EA6EagLfso5+4g+ejiRKKTUPQO
    UqOUEoKuvxhOvPC2w7b//fNSFsFHvXloqEOhYECn/NX9h8mbphCoM5YZ4OfnKw==
    -----END CERTIFICATE REQUEST-----
    Signed Certificate: :
    -----BEGIN CERTIFICATE-----
    MIICwDCCAaigAwIBAgIET1oskDANBgkqhkiG9w0BAQsFADBdMREwDwYDVQQDEwh2
    czAuY2VydDELMAkGA1UEBhMCVVMxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD
    VQQKEwAxCTAHBgNVBAsTADEPMA0GCSqGSIb3DQEJARYAMB4XDTEyMDMwOTE2MTUx
    M1oXDTEyMDQxNDE2MTUxM1owYDEUMBIGA1UEAxMLZXhhbXBsZS5jb20xCzAJBgNV
    BAYTAlVTMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQL
    EwAxDzANBgkqhkiG9w0BCQEWADBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQD1xWpz
    -----END CERTIFICATE-----

    This example signs a digital certificate for a Vserver named vs0 using a Certificate Authority certificate that has a ca value of www.ca.com and a ca-serial value of 4F4EB629, and exports it in PKCS12 format to the destination ftp://10.98.1.1//u/sam/sign.pfx. The signed certificate expires in 36 days and is signed using the SHA384 hashing function.

    cluster1::> security certificate sign -vserver vs0 -ca www.ca.com -ca-serial 4F4EB629 -expire-days 36 -format PKCS12 -destination ftp://10.98.1.1//u/sam/sign.pfx -hash-function SHA384
    
    Please enter Certificate Signing Request(CSR): Press <Enter> when done
    -----BEGIN CERTIFICATE REQUEST-----
    MIIBGjCBxQIBADBgMRQwEgYDVQQDEwtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMx
    CTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADEPMA0G
    CSqGSIb3DQEJARYAMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPXFanNoJApT1nzS
    xOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJbmXuj6U3a1woUsb13wfEvQnHVFNci
    2ninsJ8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA0EA6EagLfso5+4g+ejiRKKTUPQO
    UqOUEoKuvxhOvPC2w7b//fNSFsFHvXloqEOhYECn/NX9h8mbphCoM5YZ4OfnKw==
    -----END CERTIFICATE REQUEST-----
    Signed Certificate: :
    -----BEGIN CERTIFICATE-----
    MIICwDCCAaigAwIBAgIET1ot8jANBgkqhkiG9w0BAQsFADBdMREwDwYDVQQDEwh2
    czAuY2VydDELMAkGA1UEBhMCVVMxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD
    VQQKEwAxCTAHBgNVBAsTADEPMA0GCSqGSIb3DQEJARYAMB4XDTEyMDMwOTE2MjEw
    NloXDTEyMDQxNDE2MjEwNlowYDEUMBIGA1UEAxMLZXhhbXBsZS5jb20xCzAJBgNV
    BAYTAlVTMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQL
    EwAxDzANBgkqhkiG9w0BCQEWADBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQD1xWpz
    oarXHSyDzv3T5QIxBGRJ0ACtgdjJuqtuAdmnKvKfLS1o4C90
    -----END CERTIFICATE-----
    Please enter Private Key: Press <Enter> when done
    -----BEGIN RSA PRIVATE KEY-----
    MIIBOwIBAAJBAPXFanNoJApT1nzSxOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJb
    mXuj6U3a1woUsb13wfEvQnHVFNci2ninsJ8CAwEAAQJAWt2AO+bW3FKezEuIrQlu
    KoMyRYK455wtMk8BrOyJfhYsB20B28eifjJvRWdTOBEav99M7cEzgPv+p5kaZTTM
    gQIhAPsp+j1hrUXSRj979LIJJY0sNez397i7ViFXWQScx/ehAiEA+oDbOooWlVvu
    xj4aitxVBu6ByVckYU8LbsfeRNsZwD8CIQCbZ1/ENvmlJ/P7N9Exj2NCtEYxd0Q5
    cwBZ5NfZeMBpwQIhAPk0KWQSLadGfsKO077itF+h9FGFNHbtuNTrVq4vPW3nAiAA
    peMBQgEv28y2r8D4dkYzxcXmjzJluUSZSZ9c/wS6fA==
    -----END RSA PRIVATE KEY-----
    Please enter a password for pkcs12 file:
    Please enter it again:
    
    Enter User for Destination URI: sam
    Enter Password:
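
Added example, not part of the ONTAP documentation: a pre-signing check that can be run on a workstation to see which key size and signature hash a CSR carries before it is pasted at the prompt shown above. It parses the sample CSR from this page using only the Python standard library; the function names and the 2048-bit minimum are assumptions of this example, and only RSA keys are handled.

```python
import base64

# CSR copied verbatim from the example session on this page.
CSR_PEM = """-----BEGIN CERTIFICATE REQUEST-----
MIIBGjCBxQIBADBgMRQwEgYDVQQDEwtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMx
CTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADEPMA0G
CSqGSIb3DQEJARYAMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPXFanNoJApT1nzS
xOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJbmXuj6U3a1woUsb13wfEvQnHVFNci
2ninsJ8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA0EA6EagLfso5+4g+ejiRKKTUPQO
UqOUEoKuvxhOvPC2w7b//fNSFsFHvXloqEOhYECn/NX9h8mbphCoM5YZ4OfnKw==
-----END CERTIFICATE REQUEST-----"""

PKCS1 = bytes.fromhex("2a864886f70d0101")  # DER body of OID arc 1.2.840.113549.1.1
# Last OID byte of the sha*WithRSAEncryption signature algorithms under that arc.
SIG_HASH = {0x05: "SHA1", 0x0E: "SHA224", 0x0B: "SHA256", 0x0C: "SHA384", 0x0D: "SHA512"}

def tlv(buf, pos=0):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def children(buf):
    """Return the value bytes of each element inside a SEQUENCE body."""
    out, pos = [], 0
    while pos < len(buf):
        val, pos = tlv(buf, pos)
        out.append(val)
    return out

def inspect_csr(pem, min_rsa_bits=2048):  # min_rsa_bits: assumed local policy
    """Report RSA key size and CSR signature hash before the request is signed."""
    b64 = "".join(l.strip() for l in pem.splitlines() if "-----" not in l)
    info, sigalg, _sig = children(tlv(base64.b64decode(b64))[0])
    spki = children(info)[2]  # order: version, subject, subjectPKInfo, attributes
    keyalg, bitstr = children(spki)
    if children(keyalg)[0] != PKCS1 + b"\x01":  # rsaEncryption
        raise ValueError("only RSA keys are handled in this example")
    modulus = children(tlv(bitstr[1:])[0])[0]  # bitstr[0] is the unused-bits count
    bits = int.from_bytes(modulus, "big").bit_length()
    sig_oid = children(sigalg)[0]
    csr_hash = SIG_HASH.get(sig_oid[-1]) if sig_oid[:-1] == PKCS1 else None
    return {"rsa_bits": bits, "csr_hash": csr_hash, "key_ok": bits >= min_rsa_bits}
```

For the sample CSR on this page, `inspect_csr(CSR_PEM)` reports a 512-bit RSA key, which is below the assumed minimum.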