sslcfg command
Use this command to display and configure the SSL for the BMC and manage certificates.
The sslcfg command is used to generate a new encryption key and self-signed certificate or certificate signing request (CSR).
Note
SKIM related options are currently not supported.
Syntax:
sslcfg [-options]
Option | Description | Values |
---|---|---|
-server | Web over HTTPS status | enabled, disabled Note
|
-client | Secure LDAP status | enabled, disabled Note The SSL client can be enabled only if a valid server or client certificate is in place. |
-cert | Generate self-signed certificate | server, storekey Note
|
-csr | Generate a CSR | server, storekey Note
|
-form | Format of the CSR or certificate that will be exported. | der, pem (default pem) |
-algo | CSR algorithm | p256, p384, rsa2048, rsa3072, rsa4096 Note A default value |
-rm | Remove the certificate | storekey Note A default self-signed certificate (server) would be generated automatically after the current one is removed. |
-i | IP address for TFTP/SFTP server | Valid IP address Note An IP address for the TFTP or SFTP server must be specified when uploading a certificate, or downloading a certificate or CSR. |
-pn | Port number of TFTP/SFTP server | Valid port number (default 69/22) |
-u | User name for SFTP server | Valid user name |
-pw | Password for SFTP server | Valid password |
-l | Certificate filename | Valid filename Note A filename is required when downloading or uploading a certificate or CSR. If no filename is specified for a download, the default name for the file is used and displayed. |
-dnld | Exports the specified file to the remote host | This option takes no arguments; but must be used with -cert or -csr; as well as -i, and -l command options. |
-upld | Imports certificate file | This option takes no arguments, but must also specify values for the -cert, -i, and -l command options. |
-tcx | Trusted certificate x for SSL client | import, download, remove Note The trusted certificate number, |
Required options for generating a self-signed certificate or CSR | ||
-c | Country | Country code (2 letters) |
-sp | State or province | Quote-delimited string (maximum 60 characters) |
-cl | City or locality | Quote-delimited string (maximum 50 characters) |
-on | Organization name | Quote-delimited string (maximum 60 characters) |
-hn | BMC host name | String (maximum 60 characters) |
Optional options for generating a self-signed certificate or CSR | ||
-cp | Contact person | Quote-delimited string (maximum 60 characters) |
-ea | Contact person email address | Valid email address (maximum 60 characters) |
-ou | Organizational unit | Quote-delimited string (maximum 60 characters) |
-s | Surname | Quote-delimited string (maximum 60 characters) |
-gn | Given name | Quote-delimited string (maximum 60 characters) |
-in | Initials | Quote-delimited string (maximum 20 characters) |
-dq | Domain name qualifier | Quote-delimited string (maximum 60 characters) |
Optional options for generating a CSR | ||
-cpwd | Challenge password | String (minimum 6 characters, maximum 30 characters) |
-un | Unstructured name | Quote-delimited string (maximum 60 characters) |
Examples:
system> sslcfg
-server enabled
-client disabled
SSL server Certificate status:
[A self-signed certificate is installed. Expiration: November 14, 2027]
SSL storekey Certificate status:
[No certificate is installed.]
SSL Client Trusted Certificate status:
Trusted Certificate 1: Not available.
Trusted Certificate 2: Not available.
Trusted Certificate 3: Not available.
Trusted Certificate 4: Not available.
Trusted Certificate 5: Not available.
Trusted Certificate 6: Not available.
Trusted Certificate 7: Not available.
Trusted Certificate 8: Not available.
Trusted Certificate 9: Not available.
Trusted Certificate 10: Not available.
Give documentation feedback