security certificate show-truststore
Display default truststore certificates
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command displays information about the default CA certificates that come pre-installed with ONTAP. Some details are displayed only when you use the command with the -instance parameter.
Parameters
- {
[-fields <fieldname>,…]
-
If you specify the
-fields <fieldname>, …
parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify. - |
[-instance ]
} -
If you specify the
-instance
parameter, the command displays detailed information about all fields. [-vserver <Vserver Name>]
- Name of Vserver-
Selects the Vserver whose digital certificates you want to display.
[-common-name <FQDN or Custom Common Name>]
- FQDN or Custom Common Name-
Selects the certificates that match this parameter value.
[-serial <text>]
- Serial Number of Certificate-
Selects the certificates that match this parameter value.
[-ca <text>]
- Certificate Authority-
Selects the certificates that match this parameter value.
[-type <type of certificate>]
- Type of Certificate-
Selects the certificates that match this parameter value.
[-subtype <kmip-cert>]
- (DEPRECATED)-Certificate Subtype-
This parameter has been deprecated in ONTAP 9.6 and may be removed in a future release of ONTAP. Selects the certificate subtype that matches the specified value. The valid values are as follows:
-
kmip-cert
- this is a Key Management Interoperability Protocol (KMIP) certificate
-
[-cert-name <text>]
- Unique Certificate Name-
This specifies the system's internal identifier for the certificate. It is unique within a Vserver.
[-size <size of requested certificate in bits>]
- Size of Requested Certificate in Bits-
Selects the certificates that match this parameter value.
[-start <Date>]
- Certificate Start Date-
Selects the certificates that match this parameter value.
[-expiration <Date>]
- Certificate Expiration Date-
Selects the certificates that match this parameter value.
[-public-cert <certificate>]
- Public Key Certificate-
Selects the certificates that match this parameter value.
[-country <text>]
- Country Name-
Selects the certificates that match this parameter value.
[-state <text>]
- State or Province Name-
Selects the certificates that match this parameter value.
[-locality <text>]
- Locality Name-
Selects the certificates that match this parameter value.
[-organization <text>]
- Organization Name-
Selects the certificates that match this parameter value.
[-unit <text>]
- Organization Unit-
Selects the certificates that match this parameter value.
[-email-addr <mail address>]
- Contact Administrator's Email Address-
Selects the certificates that match this parameter value.
[-protocol <protocol>]
- Protocol-
Selects the certificates that match this parameter value.
[-hash-function <hashing function>]
- Hashing Function-
Selects the certificates that match this parameter value.
[-self-signed {true|false}]
- Self-Signed Certificate-
Selects the certificates that match this parameter value.
[-is-root {true|false}]
- Is Root CA Certificate?-
Selects the certificates that match this parameter value.
[-authority-key-identifier <text>]
- Authority Key Identifier-
Selects the certificates that match this parameter value.
[-subject-key-identifier <text>]
- Subject Key Identifier-
Selects the certificates that match this parameter value.
[-rfc822-name <mail address>,…]
- Email Address SAN-
Selects the certificates that match this parameter value.
[-uri <text>,…]
- URI SAN-
Selects the certificates that match this parameter value.
[-dns-name <text>,…]
- DNS Name SAN-
Selects the certificates that match this parameter value.
[-ipaddr <IP Address>,…]
- IP Address SAN-
Selects the certificates that match this parameter value.
Examples
The examples below display information about the pre-installed truststore digital certificates.
cluster1::> security certificate show-truststore Vserver Serial Number Certificate Name Type ---------- --------------- ----------------------------------------- --------- vs0 4F4E4D7B www.example.com server-ca Certificate Authority: www.example.com Expiration Date: Thu Feb 28 16:08:28 2013
cluster1::> security certificate show-truststore -instance Vserver: vs0 Certificate Name: www.example.com FQDN or Custom Common Name: www.example.com Serial Number of Certificate: 4F4E4D7B Certificate Authority: www.example.com Type of Certificate: server-ca Size of Requested Certificate(bits): 2048 Certificate Start Date: Fri Apr 30 14:14:46 2010 Certificate Expiration Date: Sat Apr 30 14:14:46 2011 Public Key Certificate: -----BEGIN CERTIFICATE----- MIIDfTCCAmWgAwIBAwIBADANBgkqhkiG9w0BAQsFADBgMRQwEgYDVQQDEwtsYWIu YWJjLmNvbTELMAkGA1UEBhMCVVMxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD VQQKEwAxCTAHBgNVBAsTADEPMA0GCSqGSIb3DQEJARYAMB4XDTEwMDQzMDE4MTQ0 BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCVG7dYGe51akE14ecaCdL+LOAxUMA0G CSqGSIb3DQEBCwUAA4IBAQBJlE51pkDY3ZpsSrQeMOoWLteIR+1H0wKZOM1Bhy6Q +gsE3XEtnN07AE4npjIT0eVP0nI9QIJAbP0uPKaCGAVBSBMoM2mOwbfswI7aJoEh +XuEoNr0GOz+mltnfhgvl1fT6Ms+xzd3LGZYQTworus2 -----END CERTIFICATE----- Country Name (2 letter code): US State or Province Name (full name): California Locality Name (e.g. city): Sunnyvale Organization Name (e.g. company): example Organization Unit (e.g. section): IT Email Address (Contact Name): web@example.com Protocol: SSL Hashing Function: SHA256