Creating a New Server Certificate (CLI)

Use this procedure to create a new server certificate.

  1. Go to configuration settings certificates system.
  2. Create a new CSR.

    Either add a new CSR or copy an existing CSR.

    • To add a new CSR, enter the create command.

    • To create a new CSR based on an existing CSR or certificate, do the following:

      1. Enter the list command to view the certificates table.

      2. Enter the clone cert command, where cert is a value from the CERT column of the table.

        hostname:configuration settings certificates system> clone cert-001
  3. Complete the CSR form.
    hostname:configuration settings certificates system (uncommitted)> get   
                subject_commonname = hostname.us.example.com
          subject_organizationname = (unset)
    subject_organizationalunitname = (unset)
              subject_localityname = (unset)
       subject_stateorprovincename = (unset)
               subject_countryname = (unset)
              subject_emailaddress = (unset)
                               dns = hostname.us.example.com
                                ip = ip-addr
                               uri = (unset)
                           dirname = (unset)
                           comment = (unset)
    hostname:configuration settings certificates system (uncommitted)> set comment="test"
                           comment = test (uncommitted)
    hostname:configuration settings certificates system (uncommitted)> commit
  4. View the CSR.
    1. Enter the list command to see your new CSR in the table.
      hostname:configuration settings certificates system> list
      CERT     TYPE SUBJECT COMMON NAME       ISSUER COMMON NAME        NOT AFTER
      cert-002 req  hostname.us.example.com
      cert-001 cert hostname.us.example.com   CA                        2023-1-25
      cert-000 cert 3ebff8d2-58f6-4de4-a2c... 3ebff8d2-58f6-4de4-a2c... 2038-1-19
    2. Enter the dump cert command, where cert is your new CSR in the table.
      hostname:configuration settings certificates system> dump cert-002
      -----BEGIN CERTIFICATE REQUEST-----
      ...
      -----END CERTIFICATE REQUEST-----
  5. Copy the CSR and transfer it to your CA in the prescribed manner.
  6. Import the signed certificate.

    After you receive the signed certificate from the CA, do the following:

    1. Go to configuration settings certificates system.
    2. Enter the import command.
    3. At the prompt, paste the signed certificate.
      hostname:configuration settings certificates system> import
      ("." to end)> -----BEGIN CERTIFICATE-----
      ...
      ("." to end)> -----END CERTIFICATE-----
      ("." to end)> .
  7. Verify the imported certificate.
    1. Enter the list command to see your new signed certificate in the table.
    2. Enter select cert and then enter get to view the properties of the certificate.
    3. Enter done and then enter dump cert to view the certificate.
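
A check to run on an admin workstation between steps 5 and 6, before pasting the CA's reply at the import prompt: it confirms that the signed certificate carries the same public key as the CSR from dump cert and that it covers the expected host name. This is an added example, not part of the original procedure or the vendor's code; it assumes OpenSSL is installed, and the file names, the function names and the throwaway sample CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-import check of a CA-signed certificate against its CSR.
# Assumes the CSR text from "dump cert-002" and the CA's reply are saved as PEM files.

# spki_fp FILE KIND: SHA-256 of the DER public key. KIND is "req" (CSR) or "x509" (cert).
spki_fp() {
    pub=$(openssl "$2" -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# cert_matches_csr CSR CERT HOST: 0 = consistent, 1 = mismatch, 2 = unreadable input.
cert_matches_csr() {
    csr_fp=$(spki_fp "$1" req) || return 2
    crt_fp=$(spki_fp "$2" x509) || return 2
    # A different key means the CA signed some other request; the appliance
    # holds no private key for it.
    [ "$csr_fp" = "$crt_fp" ] || return 1
    # The name must be covered by the certificate (SAN, or CN when no SAN exists).
    openssl x509 -in "$2" -noout -checkhost "$3" 2>/dev/null |
        grep -q "does match certificate" || return 1
}

# make_sample DIR: constructed test data only (throwaway CA, two CSRs, one signed cert).
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Sample CA" -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for n in good other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=hostname.us.example.com" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/good.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/good.pem" 2>/dev/null
}

# Usage: sh check.sh cert-002.csr signed.pem hostname.us.example.com
if [ $# -eq 3 ]; then
    cert_matches_csr "$@" && echo "OK to import" || echo "DO NOT import (rc=$?)"
fi
```
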