C Commands
cert-create
This command is used to create a self-signed server certificate
Syntax cert-create name name-string country country-string state state-string city city-string organization organization-string organizational-unit organizational-unit-string common-name common-name-string container zone|name
|
name name-string |
Specify the name of the certificate. |
|
country country-string |
Specify the country name (2 letter code). |
|
state state-string |
Specify the state or province name. |
|
city city-string |
Specify the city name. |
|
organization organization-string |
Specify the organization name. |
|
organizational-unit organizational-unit-string |
Specify the organizational unit name. |
|
common-name common-name-string |
Specify the common name. |
|
container zone name |
Specify the certificate zone or name. |
Defaults None
Access CLI
History Command introduced in Version 2.5.4.
Usage Use certificates to secure server connections.
Examples To create a self-signed server certificate named cert1, use the following command:
CLI network-admin@switch > CLI cert-create name cert1 country US state CA city PA organization ovs organizational-unit ou common-name Pluribus
Successfully generated self-signed certificate.
cert-delete
This command is used to delete certificates container zone|name
Syntax cert-delete name name-string
|
name name-string |
Specify the name of the certificate to delete. |
|
container zone name |
Specify the certificate zone or container name. |
Defaults None
Access CLI
History Command introduced in Version 2.5.4.
Usage Use this command to delete certificates.
Examples To successfully delete a certificate named cert1, use the following command:
CLI network-admin@switch > cert-delete name cert1
Successfully deleted all certificate files.
If you try to delete a certificate currently in use by a service, the following message displays:
CLI network-admin@switch > cert-delete name cert1
cert-delete: Certificate is being used by ovs service, cannot delete
cert-delete
cert-import
This command is used to import CA certificate files from a Simple File Transfer Protocol (SFTP) directory
Syntax cert-import
|
name name-string |
Specify a certificate name. |
|
file-ca file-ca-string |
Specify the name of CA certificate file. |
|
file-server file-server-string |
Specify the file server name. |
|
container zone name |
Specify a certificate zone name. |
|
file-inter file-inter-string |
Specify the name of intermediate CA certificate file. |
Defaults None
Access CLI
History Command introduced in Version 2.5.4.
Usage You can create one common certificate for all Netvisor services or create multiple named certificates. Each service can use a different certificate identified by name or container name or zone.The Certificate facility keeps track of certificate use by using various applications. It notifies the applications when a certificate is updated and it also prevents a certificate from deletion if an application is using it.
Examples To import a CA certificate named cert3 from file server server.pem, use the following command:
CLI network-admin@switch > cert-import name cert3 file-ca ca.pem file-server server.pem
Successfully imported certificates.
cert-request-create
This command is used to create a certificate signing request from an existing server certificate
Syntax cert-request-create container zone|name
|
name name-string |
Specify the certificate name. |
|
container zone name |
Specify the certificate zone or container name. |
Defaults None
Access CLI
History Command introduced in Version 2.5.4.
Usage
Examples To generate a certificate signing request where the certificate name is cert3, use the following command:
CLI network-admin@switch > cert-request-create name cert3
Certificate signing request successfully generated at /sftp/export/cert3-cert.csr.
cert-request-show
This command is used to display certificate signing request information.
Syntax cert-show name
|
name name-string |
Specifies the certificate name. |
|
container zone name |
Specifies the certificate zone/container name. |
|
cert-request cert-request-string |
Specifies the certificate signing request. |
Defaults None
Access CLI
History Command introduced in Version 2.5.4.
Usage You can display certificate signing request information.
Examples To display the certificate request for cert3, use the following command:
CLI network-admin@switch > cert-request-show name cert3
----------------------------------------------------------------
-----BEGIN CERTIFICATE REQUEST-----
MIICnDCCAYQCAQEwVzELMAkGA1UEBhMCdXMxCzAJBgNVBAgMAmNhMQswCQYDVQQH
DAJtcDELMAkGA1UECgwCcGwxDTALBgNVBAsMBGVuZ2cxEjAQBgNVBAMMCXBsdXJp
YnVzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMrE6Jowg0VKUw2M
NlL8vp1N8dYE/UL5pvu8FKYWgwG7tC2fjHunZCI0XmssFtZysQul/r9nk+edA5tt
0zIWRmqTB60wnWmzl6uGymeAsC9OSm0ZHFc9zZfUxKjRM/n1dOri3Pw/rODbCjM9
qwO5hsvZc/c1o3ajYFrj1yMlKDIiPW1td1VTpc5TL6wCwnDM697Yb9oQ0cbLKTDl
w5AjQSgJK29rLUl8ptAZXIUkeendpE4MCYrl6Hd+ziOJHXncj65MJyfANTZMrtGD
IJD3m+JsKZt882vMw3AZ3C9WEuE0OZrbabGBHqVKARik2qFhu2bGjlbuj/M6TOf5
Jj1WROUCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQCh1YhXRNwkwmw3FVH4H0Xi
rczy0FkyHkdSbIUIf+6n3qroRpBpcEdrx8fREyiw8hLUks9OcUlT+nSshsWIitI7
R5dcFlyo5HUVjqQQVMlSq3j4fM9XE8y8KRMZ3mfLXRTmuFPxbBuE3ZGjlBSLnBgK
ODqHF1gVa4u7l9mO3TRXczLQiAPaw38/kxEwkh4erJp4jjXf8K0h9JMGvYONYWeI
1PbiZpjIWDLNbg6sKqqrPAxEAjzGNMgNPIMXRepmEmnC/BaLVA04noZran8LRLNp
Id41o3TnlXiAodF/Mc7H5fI1hYf0YzWDSfz3PNufn6Dusu5M2ma7jtWlEdBW8huH
-----END CERTIFICATE REQUEST----
cert-show
This command is used to display certificate information.
Syntax cert-show
|
name name-string |
Specifies the certificate name. |
|
container zone name |
Specifies the certificate zone or container name. |
|
cert-type ca|intermediate|server |
Specifies the type of certificate: CA, intermediate or server. |
|
subject subject-string |
Specifies the certificate subject. |
|
issuer issuer-string |
Specifies the issuer of the certificate. |
|
serial-number serial-number-number |
Specifies the serial number of the certificate. |
|
valid-from valid-from-string |
Specifies the time from which the certificate is valid. |
|
valid-to valid-to-string |
Specifies the time at which the certificate expires and is no longer valid. |
|
country country-string |
Specifies the country name (2 letter code). |
|
state state-string |
Specifies the state or province name. |
|
city city-string |
Specifies the city name. |
|
organization organization-strings |
Specifies the organization name. |
|
organizational-unit organizational-unit-string |
Specifies the organization name. |
|
common-name common-name-string |
Specifies the common name. |
|
name name-string |
Specifies the certificate name. |
Defaults None
Access CLI
History Command introduced in Version 2.5.4.
Usage You can display all or specific information for a particular certificate.
Examples To display certificate information, use the following command:
cert-show
switch: switch1
name: myswitch1
container: vpod1-mgr
country: US
state: California
city: Palo Alto
organization: Pluribus Networks Inc
organizational-unit: Engineering
common-name: myswitch1
cert-type: server
subject: /C=US/ST=California/L=Palo Alto/O=Pluribus Networks Inc/OU=Engineering/CN=myswitch1
issuer: /C=US/ST=California/L=Palo Alto/O=Pluribus Networks Inc/OU=Engineering/CN=Pluribus Networks Test CA 2k-sha-256/emailAddress=example@pluribusnetworks.com
serial-number: 2
valid-from: Apr 20 18:28:45 2017 GMT
valid-to: Apr 20 18:28:45 2018 GMT