application commands
security key-manager external modify
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
Modify External Key Management
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command modifies the external key manager configuration associated with the given Vserver. This command is not supported when external key management is not enabled for the given Vserver.
Parameters
-vserver <vserver name>- Vserver Name-
Use this parameter to specify the Vserver on which the key manager to be modified is located.
[-client-cert <text>]- Name of the Client Certificate-
Use this parameter to modify the name of the client certificate that the key management servers use to ensure the identity of Data ONTAP. If the keys of the new certificate do not match the keys of the existing certificate, or if the TLS connectivity with key-management servers fails with the new certificate, the operation fails. Running this command in the diagnostic privilege mode ignores failures and allows the command to complete.
[-server-ca-certs <text>,…]- Names of the Server CA Certificates-
Use this parameter to modify the names of server-ca certificates that Data ONTAP uses to ensure the identity of the key management servers. Note that the list provided completely replaces the existing list of certificates. If the TLS connectivity with key-management servers fails with the new list of server-ca certificates, the operation fails. Running this command in the diagnostic privilege mode ignores failures and allows the command to complete.
Examples
The following example updates the client certificate used with the key management servers:
cluster-1::> security key-manager external modify -vserver cluster-1 -client-cert NewClientCert