- Oracle ZFS Storage Appliance Administration Guide, Release OS8.8.x
- Configuring the Appliance
- Configuring Certificates
- Creating a New Server Certificate (CLI)
Creating a New Server Certificate (CLI)
Use this procedure to create a new server certificate.
- Go to
configuration settings certificates system
. -
Create a new CSR.
Either add a new CSR or copy an existing CSR.
-
To add a new CSR, enter the
create
command. -
To create a new CSR based on an existing CSR or certificate, do the following:
-
Enter the
list
command to view the certificates table. -
Enter the
clone cert
command, where cert is a value from theCERT
column of the table.hostname:configuration settings certificates system> clone cert-001
-
-
- Complete the CSR form.
hostname:configuration settings certificates system (uncommitted)> get subject_commonname = hostname.us.example.com subject_organizationname = (unset) subject_organizationalunitname = (unset) subject_localityname = (unset) subject_stateorprovincename = (unset) subject_countryname = (unset) subject_emailaddress = (unset) dns = hostname.us.example.com ip = ip-addr uri = (unset) dirname = (unset) comment = (unset) hostname:configuration settings certificates system (uncommitted)> set comment="test" comment = test (uncommitted) hostname:configuration settings certificates system (uncommitted)> commit
-
View the CSR.
- Enter the
list
command to see your new CSR in the table.hostname:configuration settings certificates system> list CERT TYPE SUBJECT COMMON NAME ISSUER COMMON NAME NOT AFTER cert-002 req hostname.us.example.com cert-001 cert hostname.us.example.com CA 2023-1-25 cert-000 cert 3ebff8d2-58f6-4de4-a2c... 3ebff8d2-58f6-4de4-a2c... 2038-1-19
- Enter the
dump cert
command, wherecert
is your new CSR in the table.hostname:configuration settings certificates system> dump cert-002 -----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----
- Enter the
- Copy the CSR and transfer it to your CA in the prescribed manner.
-
Import the signed certificate.
After you receive the signed certificate from the CA, do the following:
- Go to
configuration settings certificates system
. - Enter the
import
command. -
At the prompt, paste the signed certificate.
hostname:configuration settings certificates system> import ("." to end)> -----BEGIN CERTIFICATE----- ... ("." to end)> -----END CERTIFICATE----- ("." to end)> .
- Go to
-
Verify the imported certificate.
- Enter the
list
command to see your new signed certificate in the table. - Enter
select cert
and then enterget
to view the properties of the certificate. - Enter
done
and then enterdump cert
to view the certificate.
- Enter the