security certificate show-user-installed
Display user installed certificates
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command displays information about the user installed digital certificates. Some details are displayed only when you use the command with the -instance parameter. In systems upgraded to Data ONTAP 9.4 or later, existing Data ONTAP generated certificates will also be shown as part of this command.
Parameters
- {
[-fields <fieldname>,…]
-
If you specify the
-fields <fieldname>, …
parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify. - |
[-instance ]
} -
If you specify the
-instance
parameter, the command displays detailed information about all fields. [-vserver <Vserver Name>]
- Name of Vserver-
Selects the Vserver whose digital certificates you want to display.
[-common-name <FQDN or Custom Common Name>]
- FQDN or Custom Common Name-
Selects the certificates that match this parameter value.
[-serial <text>]
- Serial Number of Certificate-
Selects the certificates that match this parameter value.
[-ca <text>]
- Certificate Authority-
Selects the certificates that match this parameter value.
[-type <type of certificate>]
- Type of Certificate-
Selects the certificates that match this parameter value.
[-subtype <kmip-cert>]
- (DEPRECATED)-Certificate Subtype-
This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of Data ONTAP. Selects the certificate subtype that matches the specified value. The valid values are as follows:
-
kmip-cert
- this is a Key Management Interoperability Protocol (KMIP) certificate
-
[-cert-name <text>]
- Unique Certificate Name-
This specifies the system's internal identifier for the certificate. It is unique within a Vserver.
[-size <size of requested certificate in bits>]
- Size of Requested Certificate in Bits-
Selects the certificates that match this parameter value.
[-start <Date>]
- Certificate Start Date-
Selects the certificates that match this parameter value.
[-expiration <Date>]
- Certificate Expiration Date-
Selects the certificates that match this parameter value.
[-public-cert <certificate>]
- Public Key Certificate-
Selects the certificates that match this parameter value.
[-country <text>]
- Country Name-
Selects the certificates that match this parameter value.
[-state <text>]
- State or Province Name-
Selects the certificates that match this parameter value.
[-locality <text>]
- Locality Name-
Selects the certificates that match this parameter value.
[-organization <text>]
- Organization Name-
Selects the certificates that match this parameter value.
[-unit <text>]
- Organization Unit-
Selects the certificates that match this parameter value.
[-email-addr <mail address>]
- Contact Administrator's Email Address-
Selects the certificates that match this parameter value.
[-protocol <protocol>]
- Protocol-
Selects the certificates that match this parameter value.
[-hash-function <hashing function>]
- Hashing Function-
Selects the certificates that match this parameter value.
[-self-signed {true|false}]
- Self-Signed Certificate-
Selects the certificates that match this parameter value.
[-is-root {true|false}]
- Is Root CA Certificate?-
Selects the certificates that match this parameter value.
[-authority-key-identifier <text>]
- Authority Key Identifier-
Selects the certificates that match this parameter value.
[-subject-key-identifier <text>]
- Subject Key Identifier-
Selects the certificates that match this parameter value.
[-rfc822-name <mail address>,…]
- Email Address SAN-
Selects the certificates that match this parameter value.
[-uri <text>,…]
- URI SAN-
Selects the certificates that match this parameter value.
[-dns-name <text>,…]
- DNS Name SAN-
Selects the certificates that match this parameter value.
[-ipaddr <IP Address>,…]
- IP Address SAN-
Selects the certificates that match this parameter value.
Examples
The examples below display information about user installed digital certificates.
cluster1::> security certificate show-user-installed Vserver Serial Number Certificate Name Type ---------- --------------- ----------------------------------------- --------- vs0 4F4E4D7B www.example.com server Certificate Authority: www.example.com Expiration Date: Thu Feb 28 16:08:28 2013
cluster1::> security certificate show-user-installed -instance Vserver: vs0 Certificate Name: www.example.com FQDN or Custom Common Name: www.example.com Serial Number of Certificate: 4F4E4D7B Certificate Authority: www.example.com Type of Certificate: server Size of Requested Certificate(bits): 2048 Certificate Start Date: Fri Apr 30 14:14:46 2010 Certificate Expiration Date: Sat Apr 30 14:14:46 2011 Public Key Certificate: -----BEGIN CERTIFICATE----- MIIDfTCCAmWgAwIBAwIBADANBgkqhkiG9w0BAQsFADBgMRQwEgYDVQQDEwtsYWIu YWJjLmNvbTELMAkGA1UEBhMCVVMxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD VQQKEwAxCTAHBgNVBAsTADEPMA0GCSqGSIb3DQEJARYAMB4XDTEwMDQzMDE4MTQ0 BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCVG7dYGe51akE14ecaCdL+LOAxUMA0G CSqGSIb3DQEBCwUAA4IBAQBJlE51pkDY3ZpsSrQeMOoWLteIR+1H0wKZOM1Bhy6Q +gsE3XEtnN07AE4npjIT0eVP0nI9QIJAbP0uPKaCGAVBSBMoM2mOwbfswI7aJoEh +XuEoNr0GOz+mltnfhgvl1fT6Ms+xzd3LGZYQTworus2 -----END CERTIFICATE----- Country Name (2 letter code): US State or Province Name (full name): California Locality Name (e.g. city): Sunnyvale Organization Name (e.g. company): example Organization Unit (e.g. section): IT Email Address (Contact Name): web@example.com Protocol: SSL Hashing Function: SHA256