C Commands

cert-create

This command is used to create a self-signed server certificate

Syntax   cert-create name name-string country country-string state state-string city city-string organization organization-string organizational-unit organizational-unit-string common-name common-name-string container zone|name

name name-string

Specify the name of the certificate.

country country-string

Specify the country name (2 letter code).

state state-string

Specify the state or province name.

city city-string

Specify the city name.

organization organization-string

Specify the organization name.

organizational-unit organizational-unit-string

Specify the organizational unit name.

common-name common-name-string

Specify the common name.

container zone name

Specify the certificate zone or name.

Defaults   None

Access   CLI

History   Command introduced in Version 2.5.4.

Usage   Use certificates to secure server connections.

Examples  To create a self-signed server certificate named cert1, use the following command:

CLI network-admin@switch > CLI cert-create name cert1 country US state CA city PA organization ovs organizational-unit ou common-name Pluribus

Successfully generated self-signed certificate.

cert-delete

This command is used to delete certificates container zone|name

Syntax   cert-delete name name-string

name name-string

Specify the name of the certificate to delete.

container zone name

Specify the certificate zone or container name.

Defaults   None

Access   CLI

History   Command introduced in Version 2.5.4.

Usage   Use this command to delete certificates.

Examples  To successfully delete a certificate named cert1, use the following command:

CLI network-admin@switch > cert-delete name cert1

Successfully deleted all certificate files.

If you try to delete a certificate currently in use by a service, the following message displays:

CLI network-admin@switch > cert-delete name cert1

cert-delete: Certificate is being used by ovs service, cannot delete

cert-delete

 

cert-import

This command is used to import CA certificate files from a Simple File Transfer Protocol (SFTP) directory

Syntax   cert-import

name name-string

Specify a certificate name.

file-ca file-ca-string

Specify the name of CA certificate file.

file-server file-server-string

Specify the file server name.

container zone name

Specify a certificate zone name.

file-inter file-inter-string

Specify the name of intermediate CA certificate file.

Defaults   None

Access   CLI

History   Command introduced in Version 2.5.4.

Usage   You can create one common certificate for all Netvisor services or create multiple named certificates. Each service can use a different certificate identified by name or container name or zone.The Certificate facility keeps track of certificate use by using various applications. It notifies the applications when a certificate is updated and it also prevents a certificate from deletion if an application is using it.

Examples  To import a CA certificate named cert3 from file server server.pem, use the following command:

CLI network-admin@switch > cert-import name cert3 file-ca ca.pem file-server server.pem

Successfully imported certificates.

cert-request-create

This command is used to create a certificate signing request from an existing server certificate

Syntax   cert-request-create container zone|name

name name-string

Specify the certificate name.

container zone name

Specify the certificate zone or container name.

Defaults   None

Access   CLI

History   Command introduced in Version 2.5.4.

Usage   

Examples  To generate a certificate signing request where the certificate name is cert3, use the following command:

CLI network-admin@switch > cert-request-create name cert3

Certificate signing request successfully generated at /sftp/export/cert3-cert.csr.

cert-request-show

This command is used to display certificate signing request information.

Syntax   cert-show name

name name-string

Specifies the certificate name.

container zone name

Specifies the certificate zone/container name.

cert-request cert-request-string

Specifies the certificate signing request.

Defaults   None

Access   CLI

History   Command introduced in Version 2.5.4.

Usage   You can display certificate signing request information.

Examples  To display the certificate request for cert3, use the following command:

CLI network-admin@switch > cert-request-show name cert3

----------------------------------------------------------------

-----BEGIN CERTIFICATE REQUEST-----                              

MIICnDCCAYQCAQEwVzELMAkGA1UEBhMCdXMxCzAJBgNVBAgMAmNhMQswCQYDVQQH

DAJtcDELMAkGA1UECgwCcGwxDTALBgNVBAsMBGVuZ2cxEjAQBgNVBAMMCXBsdXJp

YnVzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMrE6Jowg0VKUw2M

NlL8vp1N8dYE/UL5pvu8FKYWgwG7tC2fjHunZCI0XmssFtZysQul/r9nk+edA5tt

0zIWRmqTB60wnWmzl6uGymeAsC9OSm0ZHFc9zZfUxKjRM/n1dOri3Pw/rODbCjM9

qwO5hsvZc/c1o3ajYFrj1yMlKDIiPW1td1VTpc5TL6wCwnDM697Yb9oQ0cbLKTDl

w5AjQSgJK29rLUl8ptAZXIUkeendpE4MCYrl6Hd+ziOJHXncj65MJyfANTZMrtGD

IJD3m+JsKZt882vMw3AZ3C9WEuE0OZrbabGBHqVKARik2qFhu2bGjlbuj/M6TOf5

Jj1WROUCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQCh1YhXRNwkwmw3FVH4H0Xi

rczy0FkyHkdSbIUIf+6n3qroRpBpcEdrx8fREyiw8hLUks9OcUlT+nSshsWIitI7

R5dcFlyo5HUVjqQQVMlSq3j4fM9XE8y8KRMZ3mfLXRTmuFPxbBuE3ZGjlBSLnBgK

ODqHF1gVa4u7l9mO3TRXczLQiAPaw38/kxEwkh4erJp4jjXf8K0h9JMGvYONYWeI

1PbiZpjIWDLNbg6sKqqrPAxEAjzGNMgNPIMXRepmEmnC/BaLVA04noZran8LRLNp

Id41o3TnlXiAodF/Mc7H5fI1hYf0YzWDSfz3PNufn6Dusu5M2ma7jtWlEdBW8huH

-----END CERTIFICATE REQUEST----

cert-show

This command is used to display certificate information.

Syntax   cert-show

name name-string

Specifies the certificate name.

container zone name

Specifies the certificate zone or container name.

cert-type ca|intermediate|server

Specifies the type of certificate: CA, intermediate or server.

subject subject-string

Specifies the certificate subject.

issuer issuer-string

Specifies the issuer of the certificate.

serial-number serial-number-number

Specifies the serial number of the certificate.

valid-from valid-from-string

Specifies the time from which the certificate is valid.

valid-to valid-to-string

Specifies the time at which the certificate expires and is no longer valid.

country country-string

Specifies the country name (2 letter code).

state state-string

Specifies the state or province name.

city city-string

Specifies the city name.

organization organization-strings

Specifies the organization name.

organizational-unit organizational-unit-string

Specifies the organization name.

common-name common-name-string

Specifies the common name.

name name-string

Specifies the certificate name.

Defaults   None

Access   CLI

History   Command introduced in Version 2.5.4.

Usage   You can display all or specific information for a particular certificate.

Examples  To display certificate information, use the following command:

cert-show

switch:              switch1

name:                myswitch1

container:           vpod1-mgr

country:             US

state:               California

city:                Palo Alto

organization:        Pluribus Networks Inc

organizational-unit: Engineering

common-name:         myswitch1

cert-type:           server

subject:             /C=US/ST=California/L=Palo Alto/O=Pluribus Networks Inc/OU=Engineering/CN=myswitch1

issuer:              /C=US/ST=California/L=Palo Alto/O=Pluribus Networks Inc/OU=Engineering/CN=Pluribus Networks Test CA 2k-sha-256/emailAddress=example@pluribusnetworks.com

serial-number:       2

valid-from:          Apr 20 18:28:45 2017 GMT

valid-to:            Apr 20 18:28:45 2018 GMT