Oracle^® ZFS Storage Appliance 管理指南，发行版 OS8.8.x

查看 CSR 和证书详细信息 (CLI)

使用此过程可查看 CSR 和证书详细信息。

系统证书可以是自动生成的基于域或 IP 地址的证书、自动生成的基于 ASN 的证书或 CA 签名的证书。

1. 转到 configuration settings certificates system。
2. 输入 list 命令。

   如果尚未删除它们，则应至少看到一个基于域或 IP 地址自动生成的证书，以及恰好一个基于设备序列号 (Appliance Serial Number, ASN) UUID 自动生成的证书。

   hostname:configuration settings certificates system> list
   CERT     TYPE SUBJECT COMMON NAME   ISSUER COMMON NAME     NOT AFTER
   cert-002 cert alice.example.com...  alice.example.com... 2038-1-19
   cert-001 cert 17f5fdce-6d64-4736... 17f5fdce-6d64-4736-... 2038-1-19

3. 使用 get 命令查看 CSR 或证书的详细信息。
   • 以下是自动生成的基于 ASN 的证书示例。

     在以下示例中，subject_commonname、issuer_commonname 和 dirname（标识名）的值为 ASN UUID。对于群集，dirname 包括每个对等设备的 ASN UUID。

     hostname:configuration settings certificates system> select cert-001
     hostname:configuration settings certificates system cert-002> get
                   uuid = uuid
     subject_commonname = 17f5fdce-6d64-4736-882c-bff99680bce6
      issuer_commonname = 17f5fdce-6d64-4736-882c-bff99680bce6
                dirname = 17f5fdce-6d64-4736-882c-bff99680bce6,a040a259-53b0-4967-8b71-f65e7fbd8bed
                comment = Automatically generated
              notbefore = 2006-2-15 18:00
               notafter = 2038-1-19 03:14:07
             rialnumber = 5D:DD:79:C5:00:00:00:03
          a1fingerprint = 60:AF:B4:EB:63:B3:E4:76:E0:90:C6:DD:93:7C:F8:61:71:E4:67:68

   • 以下是自动生成的常规证书的示例。

     hostname:configuration settings certificates system> select cert-002
     hostname:configuration settings certificates system cert-002> get
                   uuid = uuid
     subject_commonname = alice.example.com
      issuer_commonname = alice.example.com
                    dns = alice.example.com,alice,ip-addr
                     ip = ip-addr
                    uri = https://alice.example.com:215,https://alice:215,https://ip-addr
                comment = Automatically generated
              notbefore = 2006-2-15 18:00
               notafter = 2038-1-19 03:14:07
           serialnumber = 59:8A:73:7B:00:00:00:27
        sha1fingerprint = 0A:14:26:ED:C7:43:0D:30:33:98:87:24:C5:9B:A2:52:55:FE:B1:D7

   • 以下是 CSR 的示例。

                            uuid = uuid
              subject_commonname = alice.example.com
        subject_organizationname = Example Corp, Inc
            subject_localityname = Exampleton
     subject_stateorprovincename = CA
             subject_countryname = US
                             dns = alice.example.com
                              ip = ip-addr

   • 以下是由前面的 CSR 生成的 CA 签名证书。

                            uuid = uuid
              subject_commonname = alice.example.com
        subject_organizationname = Example Corp, Inc
            subject_localityname = Exampleton
     subject_stateorprovincename = CA
             subject_countryname = US
               issuer_commonname = Most Trusted Certificate
         issuer_organizationname = Totally Trustworthy Certificates, Inc
             issuer_localityname = Trustville
      issuer_stateorprovincename = AK
              issuer_countryname = US
                             dns = alice.example.com
                              ip = ip-addr
                       notbefore = 2021-3-16 17:51:19
                        notafter = 2022-3-16 17:51:19
                    serialnumber = 4F
                 sha1fingerprint = 62:FB:29:84:8C:3E:0E:C6:D2:49:88:38:F2:53:12:8D:A5:F9:96:88