Skip to main content
A newer release of this product is available.

security key-manager external modify

Contributors
Suggest changes

Modify External Key Management

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command modifies the external key manager configuration associated with the given Vserver. This command is not supported when external key management is not enabled for the given Vserver.

Parameters

-vserver <vserver name> - Vserver Name

Use this parameter to specify the Vserver on which the key manager to be modified is located.

[-client-cert <text>] - Name of the Client Certificate

Use this parameter to modify the name of the client certificate that the key management servers use to ensure the identity of Data ONTAP. If the keys of the new certificate do not match the keys of the existing certificate, or if the TLS connectivity with key-management servers fails with the new certificate, the operation fails. Running this command in the diagnostic privilege mode ignores failures and allows the command to complete.

[-server-ca-certs <text>,…​] - Names of the Server CA Certificates

Use this parameter to modify the names of server-ca certificates that Data ONTAP uses to ensure the identity of the key management servers. Note that the list provided completely replaces the existing list of certificates. If the TLS connectivity with key-management servers fails with the new list of server-ca certificates, the operation fails. Running this command in the diagnostic privilege mode ignores failures and allows the command to complete.

Examples

The following example updates the client certificate used with the key management servers:

cluster-1::> security key-manager external modify -vserver cluster-1 -client-cert NewClientCert