security certificate config modify
Contributors
Suggest changes
Modify the certificate management configurations
Availability: This command is available to cluster administrators at the advanced privilege level.
Description
This command modifies the certificate management configuration information for the cluster.
Parameters
[-min-security-strength <bits of security strength>]
- Minimum Security Strength-
Use this parameter to modify the allowed minimum security strength for certificates. The security bits mapping to RSA and ECDSA key length are as follows:
Security Bits Asymmetric Key Length Elliptic Curve Key Length 112 2048 224 128 3072 256 192 4096 384
FIPS supported values are restricted to 112 and 128.
+
NOTE: This does not affect root CA certificates.
+
[-expiration-warn-threshold <integer>]
- Minimum Days to EMS for Expiring Certificates-
Use this parameter to modify the number of days prior to certificate expiration the system sends a warning EMS event.
Examples
The following example modifies the minimum security strength allowed for certificates.
cluster-1::> security certificate config modify -min-security-strength 192