sslcfg command
Use this command to display and configure the SSL for the BMC and manage certificates.
The sslcfg command is used to generate a new encryption key and self-signed certificate or certificate signing request (CSR).
Note
SKIM related options are currently not supported.
Syntax:
sslcfg [-options]
| Option | Description | Values |
|---|---|---|
| -server | Web over HTTPS status | enabled, disabled Note
|
| -client | Secure LDAP status | enabled, disabled Note The SSL client can be enabled only if a valid server or client certificate is in place. |
| -cert | Generate self-signed certificate | server, storekey Note
|
| -csr | Generate a CSR | server, storekey Note
|
| -form | Format of the CSR or certificate that will be exported. | der, pem (default pem) |
| -algo | CSR algorithm | p256, p384, rsa2048, rsa3072, rsa4096 Note A default value |
| -rm | Remove the certificate | storekey Note A default self-signed certificate (server) would be generated automatically after the current one is removed. |
| -i | IP address for TFTP/SFTP server | Valid IP address Note An IP address for the TFTP or SFTP server must be specified when uploading a certificate, or downloading a certificate or CSR. |
| -pn | Port number of TFTP/SFTP server | Valid port number (default 69/22) |
| -u | User name for SFTP server | Valid user name |
| -pw | Password for SFTP server | Valid password |
| -l | Certificate filename | Valid filename Note A filename is required when downloading or uploading a certificate or CSR. If no filename is specified for a download, the default name for the file is used and displayed. |
| -dnld | Exports the specified file to the remote host | This option takes no arguments; but must be used with -cert or -csr; as well as -i, and -l command options. |
| -upld | Imports certificate file | This option takes no arguments, but must also specify values for the -cert, -i, and -l command options. |
| -tcx | Trusted certificate x for SSL client | import, download, remove Note The trusted certificate number, |
| Required options for generating a self-signed certificate or CSR | ||
| -c | Country | Country code (2 letters) |
| -sp | State or province | Quote-delimited string (maximum 60 characters) |
| -cl | City or locality | Quote-delimited string (maximum 50 characters) |
| -on | Organization name | Quote-delimited string (maximum 60 characters) |
| -hn | BMC host name | String (maximum 60 characters) |
| Optional options for generating a self-signed certificate or CSR | ||
| -cp | Contact person | Quote-delimited string (maximum 60 characters) |
| -ea | Contact person email address | Valid email address (maximum 60 characters) |
| -ou | Organizational unit | Quote-delimited string (maximum 60 characters) |
| -s | Surname | Quote-delimited string (maximum 60 characters) |
| -gn | Given name | Quote-delimited string (maximum 60 characters) |
| -in | Initials | Quote-delimited string (maximum 20 characters) |
| -dq | Domain name qualifier | Quote-delimited string (maximum 60 characters) |
| Optional options for generating a CSR | ||
| -cpwd | Challenge password | String (minimum 6 characters, maximum 30 characters) |
| -un | Unstructured name | Quote-delimited string (maximum 60 characters) |
Examples:
system> sslcfg
-server enabled
-client disabled
SSL server Certificate status:
[A self-signed certificate is installed. Expiration: November 14, 2027]
SSL storekey Certificate status:
[No certificate is installed.]
SSL Client Trusted Certificate status:
Trusted Certificate 1: Not available.
Trusted Certificate 2: Not available.
Trusted Certificate 3: Not available.
Trusted Certificate 4: Not available.
Trusted Certificate 5: Not available.
Trusted Certificate 6: Not available.
Trusted Certificate 7: Not available.
Trusted Certificate 8: Not available.
Trusted Certificate 9: Not available.
Trusted Certificate 10: Not available.
Give documentation feedback