Go to main content

Oracle® ZFS Storage Appliance 管理指南,发行版 OS8.8.x

退出打印视图

更新时间: 2021 年 8 月
 
 

查看 CSR 和证书详细信息 (CLI)

使用此过程可查看 CSR 和证书详细信息。

系统证书可以是自动生成的基于域或 IP 地址的证书、自动生成的基于 ASN 的证书或 CA 签名的证书。

  1. 转到 configuration settings certificates system
  2. 输入 list 命令。

    如果尚未删除它们,则应至少看到一个基于域或 IP 地址自动生成的证书,以及恰好一个基于设备序列号 (Appliance Serial Number, ASN) UUID 自动生成的证书。

    hostname:configuration settings certificates system> list
    CERT     TYPE SUBJECT COMMON NAME   ISSUER COMMON NAME     NOT AFTER
    cert-002 cert alice.example.com...  alice.example.com... 2038-1-19
    cert-001 cert 17f5fdce-6d64-4736... 17f5fdce-6d64-4736-... 2038-1-19
  3. 使用 get 命令查看 CSR 或证书的详细信息。
    • 以下是自动生成的基于 ASN 的证书示例。

      在以下示例中,subject_commonnameissuer_commonnamedirname(标识名)的值为 ASN UUID。对于群集,dirname 包括每个对等设备的 ASN UUID。

      hostname:configuration settings certificates system> select cert-001
      hostname:configuration settings certificates system cert-002> get
                    uuid = uuid
      subject_commonname = 17f5fdce-6d64-4736-882c-bff99680bce6
       issuer_commonname = 17f5fdce-6d64-4736-882c-bff99680bce6
                 dirname = 17f5fdce-6d64-4736-882c-bff99680bce6,a040a259-53b0-4967-8b71-f65e7fbd8bed
                 comment = Automatically generated
               notbefore = 2006-2-15 18:00
                notafter = 2038-1-19 03:14:07
              rialnumber = 5D:DD:79:C5:00:00:00:03
           a1fingerprint = 60:AF:B4:EB:63:B3:E4:76:E0:90:C6:DD:93:7C:F8:61:71:E4:67:68
    • 以下是自动生成的常规证书的示例。
      hostname:configuration settings certificates system> select cert-002
      hostname:configuration settings certificates system cert-002> get
                    uuid = uuid
      subject_commonname = alice.example.com
       issuer_commonname = alice.example.com
                     dns = alice.example.com,alice,ip-addr
                      ip = ip-addr
                     uri = https://alice.example.com:215,https://alice:215,https://ip-addr
                 comment = Automatically generated
               notbefore = 2006-2-15 18:00
                notafter = 2038-1-19 03:14:07
            serialnumber = 59:8A:73:7B:00:00:00:27
         sha1fingerprint = 0A:14:26:ED:C7:43:0D:30:33:98:87:24:C5:9B:A2:52:55:FE:B1:D7
    • 以下是 CSR 的示例。
                             uuid = uuid
               subject_commonname = alice.example.com
         subject_organizationname = Example Corp, Inc
             subject_localityname = Exampleton
      subject_stateorprovincename = CA
              subject_countryname = US
                              dns = alice.example.com
                               ip = ip-addr
    • 以下是由前面的 CSR 生成的 CA 签名证书。
                             uuid = uuid
               subject_commonname = alice.example.com
         subject_organizationname = Example Corp, Inc
             subject_localityname = Exampleton
      subject_stateorprovincename = CA
              subject_countryname = US
                issuer_commonname = Most Trusted Certificate
          issuer_organizationname = Totally Trustworthy Certificates, Inc
              issuer_localityname = Trustville
       issuer_stateorprovincename = AK
               issuer_countryname = US
                              dns = alice.example.com
                               ip = ip-addr
                        notbefore = 2021-3-16 17:51:19
                         notafter = 2022-3-16 17:51:19
                     serialnumber = 4F
                  sha1fingerprint = 62:FB:29:84:8C:3E:0E:C6:D2:49:88:38:F2:53:12:8D:A5:F9:96:88