sslcfg command
Use this command to display and configure SSL settings for the IMM and to manage certificates.
The sslcfg command is used to generate a new encryption key and self-signed certificate or certificate signing request (CSR).
Syntax:
sslcfg [-options]
Option | Description | Values |
---|---|---|
-server | Web over HTTPS status | enabled, disabled |
-client | Secure LDAP status | enabled, disabled Note The SSL client can be enabled only if a valid server or client certificate is in place. |
-cert | Generate self-signed certificate | server, client, sysdir, storekey |
-csr | Generate a CSR | server, client, sysdir, storekey |
-form | Format of the CSR or certificate that will be exported. | der, pem (default pem) |
-algo | CSR algorithm | p256, p384, rsa2048, rsa3072, rsa4096 Note If the -algo option is not specified, the default value (p256) is used. |
-rm | Remove the certificate | server, storekey Note After the current certificate is removed, a default self-signed certificate (server) is generated automatically. |
-i | IP address for TFTP/SFTP server | Valid IP address Note An IP address for the TFTP or SFTP server must be specified when uploading a certificate, or downloading a certificate or CSR. |
-pn | Port number of TFTP/SFTP server | Valid port number (default 69/22) |
-u | User name for SFTP server | Valid user name |
-pw | Password for SFTP server | Valid password |
-l | Certificate filename | Valid filename Note A filename is required when downloading or uploading a certificate or CSR. If no filename is specified for a download, the default name for the file is used and displayed. |
-dnld | Exports the specified file to the remote host | This option takes no arguments, but must be used with -cert or -csr, as well as the -i and -l command options. |
-upld | Imports certificate file | This option takes no arguments, but values must also be specified for the -cert, -i, and -l command options. |
-tcx | Trusted certificate x for SSL client | import, download, remove Note The trusted certificate number, |
Required options for generating a self-signed certificate or CSR Note Required when generating a self-signed certificate or CSR. | ||
-c | Country | Country code (2 letters) |
-sp | State or province | Quote-delimited string (maximum 60 characters) |
-cl | City or locality | Quote-delimited string (maximum 50 characters) |
-on | Organization name | Quote-delimited string (maximum 60 characters) |
-hn | BMC host name | String (maximum 60 characters) |
Optional options for generating a self-signed certificate or CSR Note Optional when generating a self-signed certificate or CSR. | ||
-cp | Contact person | Quote-delimited string (maximum 60 characters) |
-ea | Contact person email address | Valid email address (maximum 60 characters) |
-ou | Organizational unit | Quote-delimited string (maximum 60 characters) |
-s | Surname | Quote-delimited string (maximum 60 characters) |
-gn | Given name | Quote-delimited string (maximum 60 characters) |
-in | Initials | Quote-delimited string (maximum 20 characters) |
-dq | Domain name qualifier | Quote-delimited string (maximum 60 characters) |
Optional options for generating a CSR Note Optional when generating a CSR. | ||
-cpwd | Challenge password | String (minimum 6 characters, maximum 30 characters) |
-un | Unstructured name | Quote-delimited string (maximum 60 characters) |
Examples:
system> sslcfg
-server enabled
-client disabled
-sysdir enabled
SSL Server Certificate status:
A self-signed certificate is installed
SSL Client Certificate status:
A self-signed certificate is installed
SSL Client Trusted Certificate status:
Trusted Certificate 1: Not available
Trusted Certificate 2: Not available
Trusted Certificate 3: Not available
Trusted Certificate 4: Not available
Client certificate examples:
- To generate a CSR for a storage key, enter the following command:
system> sslcfg -csr storekey -c US -sp NC -cl rtp -on LNV -hn XCC-5cf3fc -cp Contact -ea "" -ou ""
ok
- To download a certificate from the IMM to another server, enter the following command:
system> sslcfg -csr storekey -dnld -i 192.168.70.230 -l storekey.csr
ok
- To upload the certificate processed by the Certificate Authority (CA), enter the following command:
system> sslcfg -cert storekey -upld -i 192.168.70.230 -l tklm.der
- To generate a self-signed certificate, enter the following command:
system> sslcfg -cert storekey -c US -sp NC -cl rtp -on LNV -hn XCC-5cf3fc -cp Contact -ea "" -ou ""
ok
SKLM Server certificate example:
- To import the SKLM server certificate, enter the following command:
system> storekeycfg -add -ip 192.168.70.200 -f tklm-server.der
ok
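Added example (not part of the original documentation): when sslcfg command lines are generated by automation from inventory data, the hypothetical Python helper below checks each value against the limits in the option table above and rejects embedded quotes before building the command. The function and constant names are assumptions, as is the premise that the CLI has no escape sequence for a double quote.

```python
import re

# Limits copied from the option table above: flag -> (min, max, quote-delimited).
FIELDS = {
    "-c": (2, 2, False), "-sp": (1, 60, True), "-cl": (1, 50, True),
    "-on": (1, 60, True), "-hn": (1, 60, False), "-cp": (0, 60, True),
    "-ea": (1, 60, False), "-ou": (0, 60, True), "-s": (0, 60, True),
    "-gn": (0, 60, True), "-in": (0, 20, True), "-dq": (0, 60, True),
    "-cpwd": (6, 30, False), "-un": (0, 60, True),
}
REQUIRED = ("-c", "-sp", "-cl", "-on", "-hn")
CSR_ONLY = {"-cpwd", "-un"}
TARGETS = {"server", "client", "sysdir", "storekey"}
ALGOS = {"p256", "p384", "rsa2048", "rsa3072", "rsa4096"}


def build_sslcfg(action, target, fields, algo=None):
    """Return one validated sslcfg command line, or raise ValueError."""
    if action not in ("-cert", "-csr") or target not in TARGETS:
        raise ValueError("unsupported action or target")
    missing = [f for f in REQUIRED if f not in fields]
    if missing:
        raise ValueError("missing required options: " + " ".join(missing))
    parts = ["sslcfg", action, target]
    if algo is not None:
        # The table describes -algo as the CSR algorithm, so only allow it there.
        if action != "-csr" or algo not in ALGOS:
            raise ValueError("invalid -algo")
        parts += ["-algo", algo]
    for flag, value in fields.items():
        if flag not in FIELDS or (flag in CSR_ONLY and action != "-csr"):
            raise ValueError(f"{flag} not valid with {action}")
        lo, hi, quoted = FIELDS[flag]
        if not lo <= len(value) <= hi:
            raise ValueError(f"{flag} length must be {lo}..{hi}")
        # Assumption: the CLI has no escape for '"', so reject it along with
        # control characters instead of trying to escape untrusted input.
        if '"' in value or re.search(r"[\x00-\x1f\x7f]", value):
            raise ValueError(f"{flag} contains a quote or control character")
        if flag == "-c" and not re.fullmatch(r"[A-Za-z]{2}", value):
            raise ValueError("-c must be a 2-letter country code")
        if not quoted and re.search(r"\s", value):
            raise ValueError(f"{flag} must not contain whitespace")
        parts += [flag, f'"{value}"' if quoted else value]
    return " ".join(parts)
```

Optional fields that are not supplied are omitted from the command rather than emitted as empty strings.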