ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security key-manager external show

    Show the set of configured external key management servers.

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command displays the external key management servers configured on the cluster for a given Vserver. No entries are displayed when external key management is not enabled for the given Vserver. This command displays the primary external key management servers, along with any associated secondary key servers, configured on the cluster for a given Vserver.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    [-vserver <vserver name>] - Vserver Name

    If you specify this parameter, then the command displays only the key management servers for the given Vserver.

    [-key-server <text>] - Key Server Name with port

    If you specify this parameter, then the command displays only the key management servers with the given primary key server host name or IP address listening on the given port.

    [-client-cert <text>] - Name of the Client Certificate

    If you specify this parameter, then the command displays only the key management servers using a client certificate with the given name.

    [-server-ca-certs <text>,…​] - Names of the Server CA Certificates

    If you specify this parameter, then the command displays only the key management servers using server-ca certificates with the given names.

    [-timeout <integer>] - Server I/O Timeout

    If you specify this parameter, then the command displays only the key management servers using the given I/O timeout.

    [-username <text>] - Authentication User Name

    If you specify this parameter, then the command displays only the key management servers using the given authentication username.

    [-policy <text>] - Security Policy

    If you specify this parameter, then the command displays only the key management servers using the given key manager policy.

    [-secondary-key-servers <text>,…​] - Secondary Key Servers

    If you specify this parameter, then the command displays only the key management servers with the given secondary key servers.

    Examples

    The following example lists all configured key management servers for all Vservers:

    cluster-1::> security key-manager external show
    Vserver: datavs
           Client Certificate: datavsClientCert
       Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2
              Security Policy: IBM_Key_Lore
    
    Primary Key Server
    ----------------------------------------------------------------------
    keyserver.datavs.com:5696
    Vserver: cluster-1
           Client Certificate: AdminClientCert
       Server CA Certificates: AdminServerCaCert
              Security Policy:
    Primary Key Server
    ----------------------------------------------------------------------
    10.0.0.10:1234
        Secondary Servers: ks1.local, ks2.local
    fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234
    ks1.local:1234
    4 entries were displayed.

    The following example lists all configured key management servers with more detail, including timeouts and usernames:

    cluster-1::> security key-manager external show -instance
    Vserver: datavs
           Client Certificate: datavsClientCert
       Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2
           Primary Key Server: keyserver.datavs.com:5696
                      Timeout: 25
                     Username: datavsuser
              Security Policy: IBM_Key_Lore
        Secondary Key Servers:
    Vserver: cluster-1
           Client Certificate: AdminClientCert
       Server CA Certificates: AdminServerCaCert
           Primary Key Server: 10.0.0.10:1234
                      Timeout: 25
                     Username:
              Security Policy:
        Secondary Key Servers: ks1.local, ks2.local
    Vserver: cluster-1
           Client Certificate: AdminClientCert
       Server CA Certificates: AdminServerCaCert
           Primary Key Server: fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234
                      Timeout: 25
                     Username:
              Security Policy:
        Secondary Key Servers:
    Vserver: cluster-1
           Client Certificate: AdminClientCert
       Server CA Certificates: AdminServerCaCert
           Primary Key Server: ks1.local:1234
                      Timeout: 45
                     Username:
              Security Policy:
        Secondary Key Servers:
    4 entries were displayed.
    Top of Page