1. Oracle ZFS Storage Appliance Administration Guide, Release OS8.8.x
  2. Configuring the Appliance
  3. Configuring Certificates
  4. Viewing CSR and Certificate Details (CLI)

Viewing CSR and Certificate Details (CLI)

Use this procedure to view CSR and certificate details.

A system certificate can be an automatically-generated domain- or IP-address-based certificate, an automatically-generated ASN-based certificate, or a CA-signed certificate.

  1. Go to configuration settings certificates system.
  2. Enter the list command.

    If you have not deleted them, you should see at least one automatically generated certificate based on the domain or IP address, and exactly one automatically generated certificate based on the Appliance Serial Number (ASN) UUID.

    hostname:configuration settings certificates system> list
CERT     TYPE SUBJECT COMMON NAME   ISSUER COMMON NAME     NOT AFTER
cert-002 cert alice.example.com...  alice.example.com...   2038-1-19
cert-001 cert 17f5fdce-6d64-4736... 17f5fdce-6d64-4736-... 2038-1-19
  3. Use the get command to view the details of a CSR or certificate.

    • The following is an example of an automatically generated ASN-based certificate.

      In the following example, the values of subject_commonname, issuer_commonname, and dirname (distinguished name) are the ASN UUID. For a cluster, dirname includes the ASN UUID of each peer. 

      hostname:configuration settings certificates system> select cert-001
hostname:configuration settings certificates system cert-002> get
              uuid = uuid
subject_commonname = 17f5fdce-6d64-4736-882c-bff99680bce6
 issuer_commonname = 17f5fdce-6d64-4736-882c-bff99680bce6
           dirname = 17f5fdce-6d64-4736-882c-bff99680bce6,a040a259-53b0-4967-8b71-f65e7fbd8bed
           comment = Automatically generated
         notbefore = 2006-2-15 18:00
          notafter = 2038-1-19 03:14:07
        rialnumber = 5D:DD:79:C5:00:00:00:03
     a1fingerprint = 60:AF:B4:EB:63:B3:E4:76:E0:90:C6:DD:93:7C:F8:61:71:E4:67:68

    • The following is an example of an automatically generated conventional certificate.

      hostname:configuration settings certificates system> select cert-002
hostname:configuration settings certificates system cert-002> get
              uuid = uuid
subject_commonname = alice.example.com
 issuer_commonname = alice.example.com
               dns = alice.example.com,alice,ip-addr
                ip = ip-addr
               uri = https://alice.example.com:215,https://alice:215,https://ip-addr
           comment = Automatically generated
         notbefore = 2006-2-15 18:00
          notafter = 2038-1-19 03:14:07
      serialnumber = 59:8A:73:7B:00:00:00:27
   sha1fingerprint = 0A:14:26:ED:C7:43:0D:30:33:98:87:24:C5:9B:A2:52:55:FE:B1:D7

    • The following is an example of a CSR.

                             uuid = uuid
         subject_commonname = alice.example.com
   subject_organizationname = Example Corp, Inc
       subject_localityname = Exampleton
subject_stateorprovincename = CA
        subject_countryname = US
                        dns = alice.example.com
                         ip = ip-addr

    • The following is the CA-signed certificate that results from the preceding CSR.

                             uuid = uuid
         subject_commonname = alice.example.com
   subject_organizationname = Example Corp, Inc
       subject_localityname = Exampleton
subject_stateorprovincename = CA
        subject_countryname = US
          issuer_commonname = Most Trusted Certificate
    issuer_organizationname = Totally Trustworthy Certificates, Inc
        issuer_localityname = Trustville
 issuer_stateorprovincename = AK
         issuer_countryname = US
                        dns = alice.example.com
                         ip = ip-addr
                  notbefore = 2021-3-16 17:51:19
                   notafter = 2022-3-16 17:51:19
               serialnumber = 4F
            sha1fingerprint = 62:FB:29:84:8C:3E:0E:C6:D2:49:88:38:F2:53:12:8D:A5:F9:96:88