Index  |  Top  -  Up Data ONTAP 8.3

security ssl modify

Modify the SSL configuration for HTTP servers

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command modifies the configuration of encrypted HTTP (SSL) for Vservers in the cluster. Depending on the requirements of the individual node's or cluster's web services (displayed by the vserver services web show command), this encryption might or might not be used. If the Vserver does not have a certificate associated with it, SSL will not be available.

Parameters

-vserver <vserver name> - Vserver

Identifies a Vserver for hosting SSL-encrypted web services.

[-ca <text>] - Server Certificate Issuing CA

Identifies a Certificate Authority (CA) of a certificate to be associated with the instance of a given Vserver. If this parameter, along with serial, is omitted during modification, a self-signed SSL certificate can be optionally generated for that Vserver.

[-serial <text>] - Server Certificate Serial Number

Identifies a serial number of a certificate to be associated with the instance of a given Vserver. If this parameter, along with ca, is omitted during modification, a self-signed SSL certificate can be optionally generated for that Vserver.

[-common-name <FQDN or Custom Common Name>] - Server Certificate Common Name

Identifies the common name (CN) of a certificate to be associated with the instance of a given Vserver. This parameter becomes optional if serial and ca are specified. You can use the security certificate create and security certificate install commands to add new certificates to Vservers.
Note:

[-server-enabled {true|false}] - SSL Server Authentication Enabled

Defines the working condition of SSL server authentication in an instance of the Vserver. Any Vserver with a valid certificate of type server is server-enabled.

[-client-enabled {true|false}] - SSL Client Authentication Enabled

Defines the working condition of SSL client authentication in an instance of the Vserver. Any Vserver with a valid certificate of type client-ca is client-enabled. It can only be enabled if server-enabled is true.

Examples

The following example enables SSL server authentication for a Vserver named vs0 with a certificate that has ca as www.example.com and serial as 4F4EB629.

cluster1::> security ssl modify -vserver vs0 -ca www.example.com -serial 4F4EB629 -server-enabled true 

The following example disables SSL server authentication for a Vserver name vs0.

cluster1::> security ssl modify -vserver vs0 -server-enabled false 

The following example enables SSL client authentication for a Vserver named vs0.

cluster1::> security ssl modify -vserver vs0 -client-enabled true 

The following example disables SSL client authentication for a Vserver named vs0.

cluster1::> security ssl modify -vserver vs0 -client-enabled false 

See Also

security certificate create   security certificate install   vserver services web show  
Index  |  Top  -  Up Data ONTAP 8.3

Copyright © 1994-2015 NetApp, Inc. Legal Information