ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security certificate truststore check

    Initiate a TLS connection and identify the root CA certificate

    Availability: This command is available to cluster and Vserver administrators at the advanced privilege level.

    Description

    This command allows the user to check if the node can use the installed set of CA certificates to establish a secure connection with the specified server. If the connection attempt fails, the system reports which expected certificates are missing. If the attempt succeeds, the system displays details of the certificates used.

    Parameters

    -vserver <Vserver Name> - Vserver Name

    Use this parameter to specify the Vserver that needs the connectivity check.

    -server <Hostname and Port> - Server Name

    Use this parameter to specify the server to establish a connection with and look up the required CA certificate.

    Examples

    The following example demonstrates a missing CA certificate:

    cluster1::*> security certificate truststore check -vserver cluster1 -server example.com:443
    
    Error: command failed: Missing certificate with subject name: "CN = ExampleRoot, C = US"

    The following example demonstrates the required certificate being present:

    cluster1::*> security certificate truststore check -server example.com:443
    
    CA certificate with cert-name "ExampleRoot" is already installed in the truststore. Use "security certificate show -cert-name ExampleRoot" to see the details of the CA certificate.
    Top of Page