10.5.1 Using a Self-Signed Certificate

A security certificate must be signed by a trusted certificate authority (CA) for ExaCLI to accept it without a warning.

When ExaCLI connects to a remote cell or compute node that does not have a security certificate signed by a trusted CA, a warning message is generated requesting the user to verify the certificate. When verified, ExaCLI remembers the security certificate and the users are not prompted to verify the certificate again for subsequent commands.

Every cell and compute node is automatically configured with a self-signed certificate during installation or Management Server (MS) deployment. Also, you can choose to use a different user-generated self-signed certificate if desired. For example, you may choose to generate a new self-signed certificate when the default certificate expires.

Example of accepting a self-signed security certificate (non-CA certificate):

$ exacli -l celladministrator --cookie-jar -c cell01
This connection is unsecure. You have asked ExaCLI to connect to cell cell01 securely.
The identity of cell01 cannot be verified.
Got certificate from server:
CN=cell01,OU=Oracle Exadata,O=Oracle Corporation,L=Redwood City,ST=California,C=US
Do you want to accept and store this certificate? (Press y/n)
y