Template files for generating certificates
To generate the certificate, the generate command requires an XML file containing the certificate information. Users can find the template files in the Sample folder under the Lenovo XClarity OneCLI folder.
To generate the common certificates for most systems, use the template.xml file.
For the following scenarios, use the cert_redfish_template.xml file:
Generate a certificate signing request (CSR) containing Subject Alternative Name (SAN) information. For the ThinkSystem V1/V2/V3 servers, the --redfish parameters should be used to connect to XCC through Redfish.
Generate the certificate or CSR for the ThinkSystem V4 servers.
This table provides a list of the template.xml file variables and their definitions.
Variables | Definition |
---|---|
Country Name | The two-letter ISO abbreviation for user’s country. |
State or Province Name | The state or province where user’s organization is located. This entry cannot be abbreviated. |
Locality Name | The city where user’s organization is located. |
Organization Name | The exact legal name of user’s organization. Do not abbreviate user’s organization name. |
Common Name | A fully qualified domain name that resolves to the SSL VPN device. For example, if users intend to secure the URL https://ssl.yourdomain.com, then the common name of the certificate signing request should be ssl.yourdomain.com. |
Name | This is an optional field for entering a contact name. |
Email Address | This is an optional field for entering a contact email address. |
Organization Unit Name | This is an optional field for the name of the unit in user’s organization. |
Surname | This is an optional field for entering the surname of the contact person. |
givenName | This is an optional field for entering the given name of the contact person. |
Initials | This is an optional field for entering the initials of the contact person. |
dnQualifier | This is an optional field for entering the domain name qualifier. |
Challenge password | This is an optional attribute. If users specify a challenge password in the certificate signing request and intend to revoke the certificate later, they must know the challenge password. The value is stored as plain text in the template file, so restrict access to that file. |
unstructuredName | This is an optional field for entering the unstructured name for the contact. |
template.xml
Note
The name and value fields cannot be blank. To avoid potential failures, remove any optional items that are not used.
<?xml version="1.0" encoding="utf-8"?>
<!--
  template.xml: certificate information read by the OneCLI "generate" command.

  Replace every X placeholder with real data before use. The name and value
  fields cannot be blank, so delete any Optional item that is not needed
  instead of leaving its placeholder in place.

  minlen / maxlen on <value> appear to be the accepted length bounds for the
  entry (assumption; confirm against the OneCLI documentation).
-->
<asu version="2.1">

  <!--
    Subject fields for a new key pair plus a self-signed certificate.
    A self-signed certificate is not chained to a CA, so clients can only
    trust it when they are configured with this exact certificate.
  -->
  <new_key_and_self_signed_cert_info>
    <!-- Two-letter ISO country abbreviation. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>countryName</name>
      <value minlen="2" maxlen="2">XX</value>
    </item>
    <!-- Full state or province name; it cannot be abbreviated. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>stateOrProvinceName</name>
      <value minlen="1" maxlen="30">XXXX</value>
    </item>
    <!-- City where the organization is located. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>localityName</name>
      <value minlen="1" maxlen="50">XXXX</value>
    </item>
    <!-- Exact legal name of the organization, not abbreviated. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>organizationName</name>
      <value minlen="1" maxlen="60">XXXX</value>
    </item>
    <!--
      Fully qualified domain name that clients use to reach the device.
      This template has no Subject Alternative Name item, and many current
      TLS clients match host names against SAN entries rather than the common
      name; a CSR that carries SAN information is built from
      cert_redfish_template.xml instead.
    -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>commonName</name>
      <value minlen="1" maxlen="60">XXXX</value>
    </item>
    <!-- Optional contact name. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>Name</name>
      <value minlen="1" maxlen="60">XXXXX</value>
    </item>
    <!-- Optional contact e-mail address. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>emailAddress</name>
      <value minlen="1" maxlen="60">XXXXX</value>
    </item>
    <!--
      NOTE(review): validityPeriod is present only in this self-signed section
      and is not described in the variable table. The unit of the value (at
      most two characters) is not stated here; confirm it before relying on
      a particular certificate lifetime.
    -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>validityPeriod</name>
      <value minlen="0" maxlen="2">XX</value>
    </item>
    <!-- Optional unit within the organization. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>organizationalUnitName</name>
      <value minlen="0" maxlen="60">XXXX</value>
    </item>
    <!-- Optional surname of the contact person. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>Surname</name>
      <value minlen="0" maxlen="60">XXXX</value>
    </item>
    <!-- Optional given name of the contact person. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>givenName</name>
      <value minlen="0" maxlen="60">XXXX</value>
    </item>
    <!-- Optional initials of the contact person. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>Initials</name>
      <value minlen="0" maxlen="20">XXXX</value>
    </item>
    <!-- Optional domain name qualifier. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>dnQualifier</name>
      <value minlen="0" maxlen="60">XXXX</value>
    </item>
  </new_key_and_self_signed_cert_info>

  <!--
    Subject fields and request attributes for a new key pair plus a
    certificate signing request (CSR). The subject items mirror the
    self-signed section, without validityPeriod.
  -->
  <new_key_and_cert_sign_req_info>
    <!-- Two-letter ISO country abbreviation. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>countryName</name>
      <value minlen="2" maxlen="2">XX</value>
    </item>
    <!-- Full state or province name; it cannot be abbreviated. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>stateOrProvinceName</name>
      <value minlen="1" maxlen="30">XXXX</value>
    </item>
    <!-- City where the organization is located. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>localityName</name>
      <value minlen="1" maxlen="50">XXXX</value>
    </item>
    <!-- Exact legal name of the organization, not abbreviated. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>organizationName</name>
      <value minlen="1" maxlen="60">XXXX</value>
    </item>
    <!-- Fully qualified domain name; see the SAN remark on commonName above. -->
    <item type="Required">
      <vectorID>0001</vectorID>
      <name>commonName</name>
      <value minlen="1" maxlen="60">XXXX</value>
    </item>
    <!-- Optional contact name. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>Name</name>
      <value minlen="1" maxlen="60">XXXX</value>
    </item>
    <!-- Optional contact e-mail address. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>emailAddress</name>
      <value minlen="1" maxlen="60">XXXX</value>
    </item>
    <!-- Optional unit within the organization. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>organizationalUnitName</name>
      <value minlen="0" maxlen="60">XXXX</value>
    </item>
    <!-- Optional surname of the contact person. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>Surname</name>
      <value minlen="0" maxlen="60">XXXX</value>
    </item>
    <!-- Optional given name of the contact person. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>givenName</name>
      <value minlen="0" maxlen="60">XXXX</value>
    </item>
    <!-- Optional initials of the contact person. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>Initials</name>
      <value minlen="0" maxlen="20">XXXX</value>
    </item>
    <!-- Optional domain name qualifier. -->
    <item type="Optional">
      <vectorID>0001</vectorID>
      <name>dnQualifier</name>
      <value minlen="0" maxlen="60">XXXX</value>
    </item>
    <!--
      The two items below use vectorID 0002 where every other item uses 0001;
      what the ID selects is not described on this page.

      challengePassword is kept as clear text in this file, and attributes
      inside a CSR are not encrypted. Use a value that is not shared with any
      account, restrict read access to the filled-in file, and delete the item
      when it is not needed. The XXXX placeholder is shorter than minlen, so
      it must be replaced or the item removed.
    -->
    <item type="Optional">
      <vectorID>0002</vectorID>
      <name>challengePassword</name>
      <value minlen="6" maxlen="30">XXXX</value>
    </item>
    <!-- Optional unstructured name for the contact. -->
    <item type="Optional">
      <vectorID>0002</vectorID>
      <name>unstructuredName</name>
      <value minlen="1" maxlen="60">XXXX</value>
    </item>
  </new_key_and_cert_sign_req_info>

</asu>
cert_redfish_template.xml
Note
The name and value fields cannot be blank. To avoid potential failures, remove any optional items that are not used.
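<?xml version="1.0" encoding="utf-8"?>
<!--
  cert_redfish_template.xml: certificate information for the OneCLI "generate"
  command when the CSR must carry Subject Alternative Name (SAN) information,
  or when the target is a ThinkSystem V4 server.

  Replace every X placeholder with real data before use. The name and value
  fields cannot be blank, so delete any Optional entry that is not needed.
  Single-valued entries use <item>; multi-valued entries use <items> with one
  <value> per entry. validValue lists the values that are accepted.
-->
<asu version="2.1">
  <new_key_and_cert_sign_req_info>
    <!--
      minlen sits on <item> here rather than on <value>. A two-letter ISO
      country code is presumably expected, as in template.xml (assumption;
      the XXXX placeholder is longer than two characters).
    -->
    <item type="Required" minlen="2">
      <name>Country</name>
      <value>XXXX</value>
    </item>
    <item type="Required">
      <name>City</name>
      <value>XXXX</value>
    </item>
    <!-- Fully qualified domain name that clients use to reach the device. -->
    <item type="Required">
      <name>CommonName</name>
      <value>XXXX</value>
    </item>
    <item type="Required">
      <name>State</name>
      <value>XXXX</value>
    </item>
    <item type="Required">
      <name>Organization</name>
      <value>XXXX</value>
    </item>
    <!--
      SAN entries, one <value> each. Many current TLS clients match host
      names against these entries rather than CommonName, so list every name
      that clients will actually use. The expected entry syntax is not shown
      on this page; confirm it in the OneCLI documentation. Delete unused
      <value> lines.
    -->
    <items type="Optional">
      <name>AlternativeNames</name>
      <value>XXXX</value>
      <value>XXXXX</value>
      <value>XXXXXX</value>
    </items>
    <!--
      One <value> per requested usage, taken from validValue. Request only
      the usages the certificate needs and delete unused <value> lines.
    -->
    <items type="Optional" validValue="DigitalSignature/NonRepudiation/KeyEncipherment">
      <name>KeyUsages</name>
      <value>XXXX</value>
      <value>XXXXX</value>
      <value>XXXXXX</value>
    </items>
    <!--
      Kept as clear text in this file, and attributes inside a CSR are not
      encrypted. Use a value that is not shared with any account, restrict
      read access to the filled-in file, and delete the item when unused.
    -->
    <item type="Optional">
      <name>challengePassword</name>
      <value>XXXX</value>
    </item>
    <item type="Optional">
      <name>ContactPerson</name>
      <value>XXXX</value>
    </item>
    <!--
      The pattern is kept on a single line because a parser turns a line
      break inside an attribute value into a space, and the ampersand is
      written as an entity because a bare one is not well-formed XML.
      NOTE(review): the "." in front of the repeated domain label is
      unescaped as printed, so it matches any character; compare with the
      file shipped in the Sample folder.
    -->
    <item type="Optional"
          pattern="^[a-zA-Z0-9.!#$%&amp;'*+/=?^_`{|}~-]+@[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$">
      <name>Email</name>
      <value>XXXX</value>
    </item>
    <item type="Optional">
      <name>GivenName</name>
      <value>XXXX</value>
    </item>
    <item type="Optional">
      <name>Initials</name>
      <value>XXXX</value>
    </item>
    <item type="Optional">
      <name>OrganizationalUnit</name>
      <value>XXXX</value>
    </item>
    <item type="Optional">
      <name>Surname</name>
      <value>XXXX</value>
    </item>
    <!--
      KeyCurveId and KeyPairAlgorithm are printed with an empty <value>.
      Because value fields cannot be blank, either enter the value listed in
      validValue or delete the item before running the command.
    -->
    <item type="Optional" validValue="TPM_ECC_NIST_P384">
      <name>KeyCurveId</name>
      <value></value>
    </item>
    <item type="Optional" validValue="TPM_ALG_ECDH">
      <name>KeyPairAlgorithm</name>
      <value></value>
    </item>
    <item type="Optional">
      <name>UnstructuredName</name>
      <value>XXXX</value>
    </item>
  </new_key_and_cert_sign_req_info>
</asu>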