Skip to main content

security certificate config modify

Contributors
Suggest changes

Modify the certificate management configurations

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

This command modifies the certificate management configuration information for the cluster.

Parameters

[-min-security-strength <bits of security strength>] - Minimum Security Strength

Use this parameter to modify the allowed minimum security strength for certificates. The security bits mapping to RSA and ECDSA key length are as follows:

            Security Bits   Asymmetric Key Length   Elliptic Curve Key Length
            112	            2048	                224
            128	            3072	                256
            192	            4096	                384
FIPS supported values are restricted to 112 and 128.

+
NOTE: This does not affect root CA certificates.

+

[-expiration-warn-threshold <integer>] - Minimum Days to EMS for Expiring Certificates

Use this parameter to modify the number of days prior to certificate expiration the system sends a warning EMS event.

Examples

The following example modifies the minimum security strength allowed for certificates.

cluster-1::> security certificate config modify -min-security-strength 192