Modify the certificate management configurations
Availability: This command is available to cluster administrators at the advanced privilege level.
Description
This command modifies the certificate management configuration information for the cluster.
Parameters
- [-min-security-strength <bits of security strength>] - Minimum Security Strength
- Use this parameter to modify the allowed minimum security strength for certificates. The security bits mapping to
RSA and ECDSA key length are as follows:
Security Bits Asymmetric Key Length Elliptic Curve Key Length
112 2048 224
128 3072 256
192 4096 384
FIPS supported values are restricted to 112 and 128. Note: This does not affect root CA certificates.
- [-expiration-warn-threshold <integer>] - Minimum Days to EMS for Expiring Certificates
- Use this parameter to modify the number of days prior to certificate expiration the system sends a warning EMS event.
Examples
The following example modifies the minimum security strength allowed for certificates.
cluster-1::> security certificate config modify -min-security-strength 192