This command displays the external key management servers configured on the cluster for a given Vserver. No entries are displayed when external key management is not enabled for the given Vserver. This command displays the primary external key management servers, along with any associated secondary key servers, configured on the cluster for a given Vserver.

Parameters

{ [-fields <fieldname>,…]: If you specify the -fields <fieldname>, … parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ] }: If you specify the -instance parameter, the command displays detailed information about all fields.
[-vserver <vserver name>] - Vserver Name: If you specify this parameter, then the command displays only the key management servers for the given Vserver.
[-key-server <text>] - Key Server Name with port: If you specify this parameter, then the command displays only the key management servers with the given primary key server host name or IP address listening on the given port.
[-client-cert <text>] - Name of the Client Certificate: If you specify this parameter, then the command displays only the key management servers using a client certificate with the given name.
[-server-ca-certs <text>,…] - Names of the Server CA Certificates: If you specify this parameter, then the command displays only the key management servers using server-ca certificates with the given names.
[-timeout <integer>] - Server I/O Timeout: If you specify this parameter, then the command displays only the key management servers using the given I/O timeout.
[-username <text>] - Authentication User Name: If you specify this parameter, then the command displays only the key management servers using the given authentication username.
[-policy <text>] - Security Policy: If you specify this parameter, then the command displays only the key management servers using the given key manager policy.
[-secondary-key-servers <text>,…] - Secondary Key Servers: If you specify this parameter, then the command displays only the key management servers with the given secondary key servers.

Examples

The following example lists all configured key management servers for all Vservers:

cluster-1::> security key-manager external show
Vserver: datavs
       Client Certificate: datavsClientCert
   Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2
          Security Policy: IBM_Key_Lore

Primary Key Server
----------------------------------------------------------------------
keyserver.datavs.com:5696
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
          Security Policy:
Primary Key Server
----------------------------------------------------------------------
10.0.0.10:1234
    Secondary Servers: ks1.local, ks2.local
fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234
ks1.local:1234
4 entries were displayed.

The following example lists all configured key management servers with more detail, including timeouts and usernames:

cluster-1::> security key-manager external show -instance
Vserver: datavs
       Client Certificate: datavsClientCert
   Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2
       Primary Key Server: keyserver.datavs.com:5696
                  Timeout: 25
                 Username: datavsuser
          Security Policy: IBM_Key_Lore
    Secondary Key Servers:
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
       Primary Key Server: 10.0.0.10:1234
                  Timeout: 25
                 Username:
          Security Policy:
    Secondary Key Servers: ks1.local, ks2.local
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
       Primary Key Server: fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234
                  Timeout: 25
                 Username:
          Security Policy:
    Secondary Key Servers:
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
       Primary Key Server: ks1.local:1234
                  Timeout: 45
                 Username:
          Security Policy:
    Secondary Key Servers:
4 entries were displayed.