
sslcfg command

Use this command to display and configure SSL for the BMC and to manage certificates.

The sslcfg command is used to generate a new encryption key and self-signed certificate or certificate signing request (CSR).

Note
SKIM related options are currently not supported.
Syntax:
sslcfg [-options]
Table 1. sslcfg options
Option | Description | Values
-server | Web over HTTPS status | enabled, disabled
Note
  • Web over HTTPS can only be enabled if a certificate is in place.
  • Use -rm to completely disable the certificate.
-client | Secure LDAP status | enabled, disabled
Note
The SSL client can be enabled only if a valid server or client certificate is in place.
-cert | Generate self-signed certificate | server, storekey
Note
  • Values for the -c, -sp, -cl, -on, and -hn command options are required when generating a self-signed certificate.
  • Values for the -cp, -ea, -ou, -s, -gn, -in, and -dq command options are optional when generating a self-signed certificate.
-csr | Generate a CSR | server, storekey
Note
  • Values for the -c, -sp, -cl, -on, and -hn command options are required when generating a CSR.
  • Values for the -cp, -ea, -ou, -s, -gn, -in, -dq, -cpwd, and -un command options are optional when generating a CSR.
-form | Format of the CSR or certificate that will be exported | der, pem (default pem)
-algo | CSR algorithm | p256, p384, rsa2048, rsa3072, rsa4096
Note
If no -algo option is specified, the default value p256 is used.
-rm | Remove the certificate | storekey
Note
A default self-signed certificate (server) is generated automatically after the current one is removed.
-i | IP address for TFTP/SFTP server | Valid IP address
Note
An IP address for the TFTP or SFTP server must be specified when uploading a certificate, or downloading a certificate or CSR.
-pn | Port number of TFTP/SFTP server | Valid port number (default 69/22)
-u | User name for SFTP server | Valid user name
-pw | Password for SFTP server | Valid password
-l | Certificate filename | Valid filename
Note
A filename is required when downloading or uploading a certificate or CSR. If no filename is specified for a download, the default name for the file is used and displayed.
-dnld | Exports the specified file to the remote host | This option takes no arguments, but must be used with the -cert or -csr option, as well as the -i and -l command options.
-upld | Imports certificate file | This option takes no arguments, but values must also be specified for the -cert, -i, and -l command options.
-tcx | Trusted certificate x for SSL client | import, download, remove
Note
The trusted certificate number, x, is specified as an integer from 1 to 4 in the command option.

Required options for generating a self-signed certificate or CSR
-c | Country | Country code (2 letters)
-sp | State or province | Quote-delimited string (maximum 60 characters)
-cl | City or locality | Quote-delimited string (maximum 50 characters)
-on | Organization name | Quote-delimited string (maximum 60 characters)
-hn | BMC host name | String (maximum 60 characters)

Optional options for generating a self-signed certificate or CSR
-cp | Contact person | Quote-delimited string (maximum 60 characters)
-ea | Contact person email address | Valid email address (maximum 60 characters)
-ou | Organizational unit | Quote-delimited string (maximum 60 characters)
-s | Surname | Quote-delimited string (maximum 60 characters)
-gn | Given name | Quote-delimited string (maximum 60 characters)
-in | Initials | Quote-delimited string (maximum 20 characters)
-dq | Domain name qualifier | Quote-delimited string (maximum 60 characters)

Optional options for generating a CSR
-cpwd | Challenge password | String (minimum 6 characters, maximum 30 characters)
-un | Unstructured name | Quote-delimited string (maximum 60 characters)

Examples:
system> sslcfg
-server enabled
-client disabled
SSL server Certificate status:
[A self-signed certificate is installed. Expiration: November 14, 2027]
SSL storekey Certificate status:
[No certificate is installed.]
SSL Client Trusted Certificate status:
Trusted Certificate 1: Not available.
Trusted Certificate 2: Not available.
Trusted Certificate 3: Not available.
Trusted Certificate 4: Not available.
Trusted Certificate 5: Not available.
Trusted Certificate 6: Not available.
Trusted Certificate 7: Not available.
Trusted Certificate 8: Not available.
Trusted Certificate 9: Not available.
Trusted Certificate 10: Not available.
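
An added example, not part of the original documentation: a Python audit check that parses captured sslcfg status output in the format shown above and flags a self-signed server certificate, an approaching expiration, and a Secure LDAP client with no trusted certificate. The function names, the 90-day warning window, and the abridged sample are assumptions made for this example.

```python
import re
from datetime import date

MONTHS = ("January February March April May June July August "
          "September October November December").split()

# Constructed sample, abridged from the status output in the Examples section.
SAMPLE = """-server enabled
-client disabled
SSL server Certificate status:
[A self-signed certificate is installed. Expiration: November 14, 2027]
SSL storekey Certificate status:
[No certificate is installed.]
SSL Client Trusted Certificate status:
Trusted Certificate 1: Not available.
Trusted Certificate 2: Not available.
"""

def parse_sslcfg(text):
    """Turn sslcfg status output into flags, per-slot cert info, trusted slots."""
    st, slot = {"flags": {}, "certs": {}, "trusted": {}}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"-(server|client)\s+(enabled|disabled)", line):
            st["flags"][m[1]] = m[2] == "enabled"
        elif m := re.fullmatch(r"SSL (\w+) Certificate status:", line):
            slot = m[1]  # "server" or "storekey"; the trusted-cert header does not match
        elif m := re.fullmatch(r"Trusted Certificate (\d+): (.+)", line):
            st["trusted"][int(m[1])] = m[2] != "Not available."
        elif slot and line.startswith("["):
            e = re.search(r"Expiration: (\w+) (\d{1,2}), (\d{4})", line)
            st["certs"][slot] = {
                "installed": "No certificate" not in line,
                "self_signed": "self-signed" in line,
                "expires": date(int(e[3]), MONTHS.index(e[1]) + 1, int(e[2])) if e else None,
            }
            slot = None
    return st

def findings(st, today, warn_days=90):
    """Return audit findings; warn_days is an assumed renewal window."""
    out, srv = [], st["certs"].get("server", {})
    if not st["flags"].get("server"):
        out.append("Web over HTTPS is disabled")
    elif srv.get("self_signed"):
        out.append("HTTPS is served with a self-signed certificate")
    for name, c in st["certs"].items():
        if c["expires"] and (c["expires"] - today).days < warn_days:
            out.append(f"{name} certificate expires {c['expires']}")
    if st["flags"].get("client") and not any(st["trusted"].values()):
        out.append("Secure LDAP is enabled but no trusted certificate is imported")
    return out
```

Feed it the text captured from an sslcfg session on each BMC and alert on any non-empty result.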