Skip to main content
A newer release of this product is available.

security key-manager external show

Contributors
Suggest changes
PDFs

Show the set of configured external key management servers.

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command displays the external key management servers configured on the cluster for a given Vserver. No entries are displayed when external key management is not enabled for the given Vserver.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <vserver name>] - Vserver Name

If you specify this parameter, then the command displays the key management servers for only the given Vserver.

[-key-server <text>] - Key Server Name with port

If you specify this parameter, then the command displays only the given key management server with the given host name or IP address listening on the given port.

[-client-cert <text>] - Name of the Client Certificate

If you specify this parameter, then the command displays only the key management servers using a client certificate with the given name.

[-server-ca-certs <text>,…​] - Names of the Server CA Certificates

If you specify this parameter, then the command displays only the key management servers using server-ca certificates with the given names.

[-timeout <integer>] - Server I/O Timeout

If you specify this parameter, then the command displays only the key management servers using the given I/O timeout.

[-username <text>] - Authentication User Name

If you specify this parameter, then the command displays only the key management servers using the given authentication username.

[-policy <text>] - Security Policy

If you specify this parameter, then the command displays only the key management servers using the given key manager policy.

Examples

The following example lists all configured key management servers for all Vservers:

cluster-1::> security key-manager external show
Vserver: datavs
       Client Certificate: datavsClientCert
   Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2
          Security Policy: IBM_Key_Lore

Key Server
--------------------------------------------
keyserver.datavs.com:5696
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
          Security Policy:
Key Server
--------------------------------------------
10.0.0.10:1234
fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234
ks1.local:1234
4 entries were displayed.

The following example lists all configured key management servers with more detail, including timeouts and usernames:

cluster-1::> security key-manager external show -instance
Vserver: datavs
       Client Certificate: datavsClientCert
   Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2
               Key Server: keyserver.datavs.com:5696
                  Timeout: 25
                 Username: datavsuser
          Security Policy: IBM_Key_Lore
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
               Key Server: 10.0.0.10:1234
                  Timeout: 25
                 Username:
          Security Policy:
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
               Key Server: fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234
                  Timeout: 25
                 Username:
          Security Policy:
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
               Key Server: ks1.local:1234
                  Timeout: 45
                 Username:
          Security Policy:
4 entries were displayed.