Index  |  Top  -  Up Data ONTAP 8.2

security certificate create

Create and Install a Self-Signed Digital Certificate

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command creates and installs a self-signed digital certificate, which can be used either for server authentication or for signing other certificates by acting as certificate authority (CA). The certificate function is selected by the -type field. Self-signed digital certificates are not as secure as certificates signed by a certificate authority (CA). Therefore, they are not recommended in a production environment.

Parameters

-vserver <vserver name> - Name of Vserver

This specifies the name of the Vserver on which the certificate will exist.

-common-name <FQDN or Custom Common Name> - FQDN or Custom Common Name

This specifies the desired certificate name as a fully qualified domain name (FQDN), a custom common name, or the name of a person.

-type <type of certificate> - Type of Certificate

This specifies the type of certificate, either server or root-ca. The server type creates and installs a self-signed digital certificate to be used for server authentication, whereas root-ca creates and installs a self-signed digital certificate to sign other certificates by acting as certificate authority (CA).

-size <size of requested certificate in bits> - Size of Requested Certificate in Bits

This specifies the number of bits in the private key. The larger the value, the more secure the key. The default is 2048. Possible values include 512, 1024, 1536 and 2048.

-country <text> - Country Name

This specifies the country where the Vserver resides. The country name is a two-letter code. The default is US. Here is the list of country codes: Country Codes

-state <text> - State or Province Name

This specifies the state or province where the Vserver resides.

-locality <text> - Locality Name

This specifies the locality where the Vserver resides. For example, the name of a city.

-organization <text> - Organization Name

This specifies the organization where the Vserver resides. For example, the name of a company.

-unit <text> - Organization Unit

This specifies the unit where the Vserver resides. For example, the name of a section or a department within a company.

-email-addr <mail address> - Contact Administrator's Email Address

This specifies the email address of the contact administrator for the Vserver.

-expire-days <integer> - Number of Days until Expiration

This specifies the number of days until the certificate expires. The default is 365 days. Possible values are between 1 and 36510.

-hash-function <hashing function> - Hashing Function

This specifies the cryptographic hashing function for signing the certificate. The default is SHA256. Possible values include SHA1, SHA256 and MD5.

Examples

This example creates a server type, self-signed digital certificate for a Vserver named vs0 at a company whose custom common name is www.example.com.

cluster1::> security certificate create -vserver vs0 -common-name www.example.com -type server

This example creates a root-ca type, self-signed digital certificate with a 2048-bit private key, signed using the SHA256 hashing function, that will expire in 365 days. It is created for a Vserver named vs0 for use by the Software group in IT at a company whose custom common name is www.example.com, located in Sunnyvale, California, USA. The email address of the contact administrator who manages the Vserver is web@example.com.

cluster1::> security certificate create -vserver vs0 -common-name www.example.com -type root-ca -size 2048 -country US -state California -locality Sunnyvale -organization IT -unit Software -email-addr web@example.com -expire-days 365 -hash-function SHA256 
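The -size and -hash-function parameters accept values (512, 1024 and 1536 bits; SHA1 and MD5) that are weak for certificate use, so command lines kept in runbooks or change requests are worth checking before they are run. The following is an added example, not part of the ONTAP documentation: a Python check that parses a security certificate create line and reports values outside the documented sets as well as allowed-but-weak ones. The function names, the WEAK sample and the case-insensitive matching of the hash name are assumptions of this example.

```python
import shlex

# Allowed values and defaults, taken from the parameter descriptions above.
SIZES = {512, 1024, 1536, 2048}
HASHES = {"SHA1", "SHA256", "MD5"}
TYPES = {"server", "root-ca"}
DEFAULTS = {"size": "2048", "expire-days": "365", "hash-function": "SHA256"}

def parse_create(command):
    """Return the parameters of one 'security certificate create' line."""
    tokens = shlex.split(command)
    if tokens and tokens[0].endswith("::>"):   # drop a prompt like cluster1::>
        tokens = tokens[1:]
    if tokens[:3] != ["security", "certificate", "create"]:
        raise ValueError("not a 'security certificate create' command")
    rest = tokens[3:]
    if len(rest) % 2:
        raise ValueError("parameter without a value")
    args = dict(DEFAULTS)                      # omitted parameters take defaults
    for name, value in zip(rest[::2], rest[1::2]):
        if not name.startswith("-"):
            raise ValueError(f"expected a parameter name, got {name!r}")
        args[name[1:]] = value
    return args

def review(command):
    """List values outside the documented sets and weak-but-allowed ones."""
    a, findings = parse_create(command), []
    size, days = a["size"], a["expire-days"]
    hash_fn = a["hash-function"].upper()   # assumption: case-insensitive match
    if "type" in a and a["type"] not in TYPES:
        findings.append("type: must be server or root-ca")
    if not size.isdigit() or int(size) not in SIZES:
        findings.append("size: not one of 512, 1024, 1536, 2048")
    elif int(size) < 2048:
        findings.append(f"size: {size}-bit key is weak, use 2048")
    if hash_fn not in HASHES:
        findings.append("hash-function: not one of SHA1, SHA256, MD5")
    elif hash_fn != "SHA256":
        findings.append(f"hash-function: {hash_fn} is collision-prone, use SHA256")
    if not days.isdigit() or not 1 <= int(days) <= 36510:
        findings.append("expire-days: must be between 1 and 36510")
    return findings

# Constructed sample: every value is accepted per the page, but two are weak.
WEAK = ("security certificate create -vserver vs0 -common-name www.example.com "
        "-type server -size 1024 -hash-function MD5")
```

Calling review(WEAK) returns one finding for the key size and one for the hash function; both commands in the Examples section return an empty list.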
