vserver nfs tls interface modify
Modify the TLS configuration of an NFS server
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver nfs tls interface modify
command modifies a TLS configuration for NFS. An NFS TLS configuration is associated with both a Vserver and a logical interface.
Parameters
-vserver <vserver name>
- Vserver-
This parameter specifies the Vserver associated with the NFS TLS configuration you want to modify.
-lif <text>
- Logical Interface-
This parameter specifies the name of the logical interface associated with the NFS TLS configuration you want to modify.
[-status {enabled|disabled}]
- TLS Status-
This optional parameter specifies whether to enable or disable TLS for NFS on the specified Vserver and logical interface. If you specify a value of
enable
, you must also specify the -certificate-name parameter. [-certificate-name <text>]
- TLS Certificate Name-
This optional parameter specifies the name of a certificate to be associated with the instance of a given Vserver and logical interface. If you specify a value of
enable
for the-status
parameter, you must also specify this parameter.The use of self-signed SSL certificates exposes users to man-in-the-middle security attacks. Where possible, obtain a certificate that is signed by a reputable certificate authority (CA) and use the security certificate install command to configure it before enabling TLS on a Vserver and LIF.
Examples
The following example enables the NFS TLS configuration on a Vserver named vs0 and a logical interface named datalif1. The certificate-name is datalif1.example.com
clus1::> vserver nfs tls interface modify -vserver vs0 -lif datalif1 -status enabled -certificate-name datalif1.example.com