security certificate config modify

Modify the certificate management configurations

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

This command modifies the certificate management configuration information for the cluster.

Parameters

[-min-security-strength <bits of security strength>] - Minimum Security Strength
Use this parameter to modify the allowed minimum security strength for certificates. The security bits mapping to RSA and ECDSA key length are as follows:
            Security Bits   Asymmetric Key Length   Elliptic Curve Key Length
            112	            2048	                224
            128	            3072	                256
            192	            4096	                384
    
FIPS supported values are restricted to 112 and 128.
Note: This does not affect root CA certificates.
[-expiration-warn-threshold <integer>] - Minimum Days to EMS for Expiring Certificates
Use this parameter to modify the number of days prior to certificate expiration the system sends a warning EMS event.

Examples

The following example modifies the minimum security strength allowed for certificates.

cluster-1::> security certificate config modify -min-security-strength 192