D.84. tarantella security

Controls SGD security services and manages server certificates.

Syntax

tarantella security certinfo | certrequest | certuse | customca |
decryptkey | disable | enable | fingerprint | peerca | selfsign |
start | stop

Description

The following table shows the available subcommands for this command.

Subcommand

Description

More Information

certinfo

Displays information about an SSL certificate or Certificate Signing Request (CSR), and optionally checks whether a specified private key matches the public key contained in a particular SSL certificate.

Section D.85, “tarantella security certinfo”

certrequest

Creates a CSR and a corresponding key pair, which you use to obtain an SSL certificate for use with SGD security services.

Section D.86, “tarantella security certrequest”

certuse

Installs an SSL certificate, or specifies the location of an installed certificate, for use with SGD security services.

Section D.87, “tarantella security certuse”

customca

Installs a root certificate for a custom CA for use with SGD security services.

Section D.88, “tarantella security customca”

decryptkey

Decrypts an encrypted private key so that you can use it with SGD.

Section D.89, “tarantella security decryptkey”

disable

If an SGD server has been secured using the tarantella security enable command, restores the security settings to their previous state.

Section D.90, “tarantella security disable”

enable

Makes an SGD server secure.

Section D.91, “tarantella security enable”

fingerprint

Displays the fingerprint of the CA certificate installed on the SGD server.

Section D.92, “tarantella security fingerprint”

peerca

Shows, imports, or exports the primary server's CA certificate used for secure intra-array communication.

Section D.93, “tarantella security peerca”

selfsign

Generates and installs a self-signed server SSL certificate.

Section D.94, “tarantella security selfsign”

start

Enables secure (SSL) connections. Users who require secure connections are given them.

Section D.95, “tarantella security start”

stop

Disables secure (SSL) connections. Users configured for secure connections are given standard connections instead.

Section D.96, “tarantella security stop”

Note

All commands include a --help option. You can use tarantella security subcommand --help to get help on a specific command.

Examples

The following example displays information about a CSR in /tmp/boston.csr.

# tarantella security certinfo --csrfile /tmp/boston.csr

The following example decrypts the key /opt/keys/key1, which is stored in Definite Encoding Rules (DER) format, placing the decrypted key in /opt/keys/key2.

# tarantella security decryptkey \
--enckey /opt/keys/key1 \
--deckey /opt/keys/key2 \
--format DER