Command to initiate the Certificates mode and to use its subcommands.
list [-a| --alias alias[,alias2,...,aliasn]] [-d|--detail] add -h| --hostname EChostname -u| --username username [-p| --pass password] [-f| --force] [-n| --port portnumber] remove -a|--alias alias[,alias2,...,aliasn]
Certificates mode allows you to view and manage the list of trusted certificates for known remote EC servers. The CLI doesn't check for certificates in local connections.
Certificates are stored in a truststore file in the user directory. When connecting to an EC remotely, the CLI verifies if the certificate chain of the EC server is part of the trusted list. If the certificate chain is not in the trusted list, then the CLI request to accept the new certificate to add it to the list. If the certificate chain is not accepted, then the connection fails.
Additionally, you can set your user environment to silently accept all certificates by setting the accept_all_certificates
variable to true, see the Oracle Enterprise Manager Ops Center Command Line Interface guide for more information in changing the value of the variable. You can also set your connection to silently accept all certificates by using the -a or --accept_all_certificates
option with the connect command. This is especially useful for non-interactive sessions where it is not possible to interactively accept the certificate.
To enable your scripts to connect to a remote server, you can choose from the following options:
If you reinstall your EC and CLI often, modify your scripts to add the -a or --accept_all_certificates
option to the connect command to make them pass-through.
If you reinstall your EC often but not the CLI, you might prefer to change the new CLI preference accept_all_certificates
to automatically accept certificates at all times for all servers to which it connects. You can also add the following line at the beginning of each script to add the certificate, although this command connects to the EC and then disconnects: certificates.add -h hostname -u username [-n port] -p password -f
.
If you do not reinstall your EC often, then you can connect to the EC interactively to accept the certificate at the user level which adds it to the user's truststore. In this case you will need to connect interactively to it after each reinstall of your EC to accept its new certificates.
list [
-a
|--alias
alias
[,alias2, ... , aliasN]
] [
-d|--detail
]
Displays the alias, issuer, subject, and serial number. Use the -a|--alias
option to display specific aliases. Use the -d|--detail
option to include attributes for each alias.
add
-h|--hostname
hostname
-u|--username
username
[-p|--pass
password
] [-f|--force] [-n|--port
port_number
]
Adds a certificate to the trusted list. User the -p|--pass
option to execute the command without entering the user password interactively. Use the -f|--force
option to execute the command without receiving any confirmation message, useful for scripts where no interaction is possible. Use the -n|--port
option to specify a port number to use.
remove
-a|--alias
alias
Deletes a certificate from the trusted list.
-a|--alias
Specifies that the subcomand acts on a specific alias.
-d|--detail
Includes certificates's attributes in the display.
-f|--force
Option to add a certificate to the trusted list without receiving any confirmation message, useful for scripts where no interaction is possible.
-h|--hostname
Option to specify the host name of the remote Enterprise Controller server.
-n|--port
Option to add a port number to use.
-p|--pass
Option to add a password to use.
-u|--username
Option to add the user name to use.
The alias of the certificate.
Password of the user name to establish the connection to the remote Enterprise Controller server.
Port number to establish the connection to the remote Enterprise Controller server.
User name to establish the connection to the remote Enterprise Controller server.
xvmSh/certificates > list
Alias | Issuer | Subject | Serial Number |
---------------------------------------------------------------------------------------------------
root@sm-36:11172| CN=sm-36_oem-ec_ca | CN=sm-36_oem-ec_ca | 385822055
root@sm-36:11172| CN=sm-36_oem-ec_ca | CN=sm-36_oem-ec_agent | 1497938285
xvmSh/certificates > add -h sm-37 -u root Enter password for authentication > ******** Untrusted certificate encountered. Create an exception to accept it at each connection? [Display/Yes/No] y Certificate chain added for root@sm-37:11172
xvmSh/certificates > remove -a root@sm-37:11172
xvmSh/certificates>
oc
(5), collisions
(1), controllers
(1), credentials
(1), deploy
(1), deploy-setup
(1), discover
(1), fwimage
(1), fwprofile
(1), gear
(1), groups
(1), incidents
(1), jobs
(1), monitoring
(1), networks
(1), notifications
(1), osimage
(1), osprofile
(1), reports
(1), serverpools
(1), stats
(1), update
(1), user
(1), virtualization
(1).