beautypg.com

Dell POWEREDGE M1000E User Manual

Page 926

background image

898

Fabric OS Command Reference

53-1002746-01

secCertUtil

2

Import or export a certificate.

Configure a SSL certificate file name.

Enable secure protocols.

This command takes an action and associated arguments. If only an action is specified, this command
prompts interactively for input values of the associated arguments. The command runs noninteractively
when the arguments associated with a given action are specified on the command line. When invoked
without operands, this command displays the usage.

This command is also supported in Access Gateway mode, for FCAP authentication between AG and
the switch.

NOTES

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.

Before you import a certificate from Windows system, convert the certificate to a Unix file format with the
dos2unix utility.

OPERANDS

This command has the following operands:

genkey

Generates a public/private key pair. This is the first step in setting up a third-party
certificate. The following operands are optional; when omitted, the command
prompts interactively for input values to these operands.

-keysize 1024 | 2048

Specifies the size of the key. Valid values are 1024 or 2048 bits. The greater the
value, the more secure is the connection; however, performance degrades with
size. The keys are generated only after all existing CSRs and certificates have
been deleted.

-nowarn

Specifies that no warning is given when overwriting or deleting data. If this
operand is omitted, the command prompts for confirmation before existing CSRs
and certificates are deleted.

delkey

Deletes all public/private key pairs with the exception of Encryption-related
certificates and key pairs. This command prompts for confirmation unless
-nowarn is specified.

-nowarn

Executes the delete operation without confirmation.

-all

Deletes all public/private key pairs including Encryption-related certificates and
key pairs.

gencsr

Generates a new CSR for the switch. This is the second step in setting up a
third-party certificate. The following operands are optional; if omitted, the
command prompts for answers to a series of questions. If only one or a few
operands are specified. the command prompts for input to the remaining
questions. When all questions are answered, a CSR is generated and placed in a
file named ip_address.csr, where ip_address is the IP address of the switch.

-country country code

Specifies the country. Provide a two-letter country code, for example, US.

-state state

Specifies the state. Provide the full name, for example, California. If the state
consists of multiple words, it must be enclosed in double quotes.