security certificate azure-install
Install a Digital Certificate from Azure Key Vault
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The security certificate azure-install command downloads and installs digital security certificates signed by a certificate authority (CA) and the public key certificate of the root CA stored on Azure Key Vault (AKV). With FIPS enabled, the following restrictions apply to the certificate being installed:
- server/client/server-ca/client-ca: Key size >= 2048
- server/client: Hash function (No MD-5, No SHA-1)
- server-ca/client-ca (Intermediate CA): Hash function (No MD-5, No SHA-1)
- server-ca/client-ca (Root CA): Hash function (No MD-5)
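A pre-check for the FIPS restrictions above, as an added example that is not part of the ONTAP documentation: it parses the text printed by `openssl x509 -noout -text` and reports which restriction a certificate would break for a given -type value. Assumptions: the embedded sample is constructed, a CA certificate counts as a root when its issuer equals its subject, and the key size is compared as printed for an RSA key.

```python
import re

# Constructed sample of `openssl x509 -noout -text` output (not a real certificate).
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example Root CA
        Subject: CN = Example Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""

def parse_openssl_text(text):
    """Extract key size, signature hash and self-issued status from the text dump."""
    bits = int(re.search(r"Public-Key: \((\d+) bit\)", text).group(1))
    sig = re.search(r"Signature Algorithm: (\S+)", text).group(1).lower()
    digest = re.match(r"(?:ecdsa-with-)?(md5|sha\d+)", sig)
    issuer = re.search(r"Issuer: (.+)", text).group(1).strip()
    subject = re.search(r"Subject: (.+)", text).group(1).strip()
    return {
        "bits": bits,
        # Unrecognised algorithm names are kept verbatim and never match a banned hash.
        "hash": digest.group(1) if digest else sig,
        "self_issued": issuer == subject,  # assumption: how a root CA is recognised
    }

def fips_violations(cert_type, info):
    """List the FIPS restrictions from this page that the certificate breaks."""
    problems = []
    if info["bits"] < 2048:  # applies to all four certificate types
        problems.append(f"key size {info['bits']} < 2048")
    is_root = cert_type in ("server-ca", "client-ca") and info["self_issued"]
    # Root CAs may still carry SHA-1; every other certificate may not.
    banned = {"md5"} if is_root else {"md5", "sha1"}
    if info["hash"] in banned:
        role = "root CA" if is_root else cert_type
        problems.append(f"hash {info['hash']} not allowed for {role}")
    return problems

if __name__ == "__main__":
    info = parse_openssl_text(SAMPLE)
    for cert_type in ("server", "client", "server-ca", "client-ca"):
        print(cert_type, fips_violations(cert_type, info) or "ok")
```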
Parameters
-vserver <Vserver Name>
- Name of Vserver-
This specifies the Vserver that contains the certificate.
-cert-name <text>
- Certificate Name-
This specifies the system's internal identifier for the certificate. It must be unique within a Vserver. If not provided, it is automatically generated by the system.
-type <type of certificate>
- Type of Certificate-
This specifies the certificate type. Valid values are the following:
- server - includes server certificates and intermediate certificates.
- client-ca - includes the public key certificate for the root CA of the SSL client
- server-ca - includes the public key certificate for the root CA of the SSL server to which Data ONTAP is a client
- client - includes a self-signed or CA-signed digital certificate and private key to be used for Data ONTAP as an SSL client
-key-vault-uri {scheme://(hostname|IPv4 Address|'['IPv6 Address']')…}
- Deployed Azure Key Vault DNS Name-
The DNS name of the deployed AKV.
-client-id <text>
- Application (Client) ID of Deployed Azure Application-
The ID of the client.
-tenant-id <text>
- Directory (Tenant) ID of Deployed Azure Application-
The ID of the tenant.
-authentication-method <AKV Authentication Method>
- AKV Authentication Method-
Use this parameter to specify the authentication method.
[-oauth-host <text>]
- Open Authorization Host Name-
The hostname of the OAuth server.
[-proxy-type {http|https}]
- Proxy Type-
Proxy Type.
[-proxy-host <text>]
- Proxy Host-
Proxy hostname.
[-proxy-port <integer>]
- Proxy Port-
Proxy port.
[-proxy-username <text>]
- Proxy Username-
Proxy username.
[-proxy-password <text>]
- Proxy Password-
Proxy password.
[-timeout <integer>]
- AKV Connection Timeout in Seconds-
AKV Connection Timeout in Seconds.
[-verify-host {true|false}]
- Verify the identity of the AKV host-
Set to true to verify the identity of the AKV host name.
Examples
This example installs a CA-signed certificate (along with intermediate certificates) for a Vserver named vs0.
cluster-1::> security certificate azure-install -vserver vs0 -type client -client-id client1 -tenant-id tenant1 -key-vault-uri https://samplevault.vault.azure.net -cert-name certname
Enter the {0} for Azure Key Vault: