security certificate show-truststore

Display default truststore certificates

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command displays information about the default CA certificates that come pre-installed with Data ONTAP. Some details are displayed only when you use the command with the -instance parameter.

Parameters

{ [-fields <fieldname>, ...]
If you specify the -fields <fieldname>, ... parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ]}
If you specify the -instance parameter, the command displays detailed information about all fields.
[-vserver <Vserver Name>] - Name of Vserver
Selects the Vserver whose digital certificates you want to display.
[-common-name <FQDN or Custom Common Name>] - FQDN or Custom Common Name
Selects the certificates that match this parameter value.
[-serial <text>] - Serial Number of Certificate
Selects the certificates that match this parameter value.
[-ca <text>] - Certificate Authority
Selects the certificates that match this parameter value.
[-type <type of certificate>] - Type of Certificate
Selects the certificates that match this parameter value.
[-subtype <kmip-cert>] - Certificate Subtype
Selects the certificate subtype that matches the specified value. The valid values are as follows:
  • kmip-cert - this is a Key Management Interoperability Protocol (KMIP) certificate
[-size <size of requested certificate in bits>] - Size of Requested Certificate in Bits
Selects the certificates that match this parameter value.
[-start <Date>] - Certificate Start Date
Selects the certificates that match this parameter value.
[-expiration <Date>] - Certificate Expiration Date
Selects the certificates that match this parameter value.
[-public-cert <certificate>] - Public Key Certificate
Selects the certificates that match this parameter value.
[-country <text>] - Country Name
Selects the certificates that match this parameter value.
[-state <text>] - State or Province Name
Selects the certificates that match this parameter value.
[-locality <text>] - Locality Name
Selects the certificates that match this parameter value.
[-organization <text>] - Organization Name
Selects the certificates that match this parameter value.
[-unit <text>] - Organization Unit
Selects the certificates that match this parameter value.
[-email-addr <mail address>] - Contact Administrator's Email Address
Selects the certificates that match this parameter value.
[-protocol <protocol>] - Protocol
Selects the certificates that match this parameter value.
[-hash-function <hashing function>] - Hashing Function
Selects the certificates that match this parameter value.
[-self-signed {true|false}] - Self-Signed Certificate
Selects the certificates that match this parameter value.
[-cert-name <text>] - Unique Certificate Name
This specifies the system's internal identifier for the certificate. It is unique within a Vserver.

Examples

The examples below display information about the pre-installed truststore digital certificates.

cluster1::> security certificate show-truststore

Vserver    Serial Number   Certificate Name                          Type
---------- --------------- ----------------------------------------- ---------
vs0        4F4E4D7B        www.example.com        server-ca
    Certificate Authority: www.example.com
          Expiration Date: Thu Feb 28 16:08:28 2013

cluster1::> security certificate show-truststore -instance
                             Vserver: vs0
                    Certificate Name: www.example.com
          FQDN or Custom Common Name: www.example.com
        Serial Number of Certificate: 4F4E4D7B
               Certificate Authority: www.example.com
                 Type of Certificate: server-ca
 Size of Requested Certificate(bits): 2048
              Certificate Start Date: Fri Apr 30 14:14:46 2010
         Certificate Expiration Date: Sat Apr 30 14:14:46 2011
              Public Key Certificate: -----BEGIN CERTIFICATE-----
                                      MIIDfTCCAmWgAwIBAwIBADANBgkqhkiG9w0BAQsFADBgMRQwEgYDVQQDEwtsYWIu
                                      YWJjLmNvbTELMAkGA1UEBhMCVVMxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD
                                      VQQKEwAxCTAHBgNVBAsTADEPMA0GCSqGSIb3DQEJARYAMB4XDTEwMDQzMDE4MTQ0
                                      BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCVG7dYGe51akE14ecaCdL+LOAxUMA0G
                                      CSqGSIb3DQEBCwUAA4IBAQBJlE51pkDY3ZpsSrQeMOoWLteIR+1H0wKZOM1Bhy6Q
                                      +gsE3XEtnN07AE4npjIT0eVP0nI9QIJAbP0uPKaCGAVBSBMoM2mOwbfswI7aJoEh
                                      +XuEoNr0GOz+mltnfhgvl1fT6Ms+xzd3LGZYQTworus2
                                      -----END CERTIFICATE-----
        Country Name (2 letter code): US
  State or Province Name (full name): California
           Locality Name (e.g. city): Sunnyvale
    Organization Name (e.g. company): example
    Organization Unit (e.g. section): IT
        Email Address (Contact Name): web@example.com
                            Protocol: SSL
                    Hashing Function: SHA256