security key-manager external show
Show the set of configured external key management servers.
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command displays the external key management servers configured on the cluster for a given Vserver. No entries are displayed when external key management is not enabled for the given Vserver. This command displays the primary external key management servers, along with any associated secondary key servers, configured on the cluster for a given Vserver.
Parameters
- {
[-fields <fieldname>,…]
-
If you specify the
-fields <fieldname>, …
parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify. - |
[-instance ]
} -
If you specify the
-instance
parameter, the command displays detailed information about all fields. [-vserver <vserver name>]
- Vserver Name-
If you specify this parameter, then the command displays only the key management servers for the given Vserver.
[-key-server <text>]
- Key Server Name with port-
If you specify this parameter, then the command displays only the key management servers with the given primary key server host name or IP address listening on the given port.
[-client-cert <text>]
- Name of the Client Certificate-
If you specify this parameter, then the command displays only the key management servers using a client certificate with the given name.
[-server-ca-certs <text>,…]
- Names of the Server CA Certificates-
If you specify this parameter, then the command displays only the key management servers using server-ca certificates with the given names.
[-timeout <integer>]
- Server I/O Timeout-
If you specify this parameter, then the command displays only the key management servers using the given I/O timeout.
[-username <text>]
- Authentication User Name-
If you specify this parameter, then the command displays only the key management servers using the given authentication username.
[-policy <text>]
- Security Policy-
If you specify this parameter, then the command displays only the key management servers using the given key manager policy.
[-secondary-key-servers <text>,…]
- Secondary Key Servers-
If you specify this parameter, then the command displays only the key management servers with the given secondary key servers.
[-create-remove-timeout <integer>]
- Key Server Timeout for Create and Remove-
If you specify this parameter, then the command displays only the key management servers using the given create-remove I/O timeout.
[-enabled {true|false}]
- Is Configuration Enabled?-
If you specify this parameter, then the command displays only the key management servers that are enabled.
Examples
The following example lists all configured key management servers for all Vservers:
cluster-1::> security key-manager external show Vserver: datavs Client Certificate: datavsClientCert Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2 Security Policy: IBM_Key_Lore Enabled: true Primary Key Server ---------------------------------------------------------------------- keyserver.datavs.com:5696 Vserver: cluster-1 Client Certificate: AdminClientCert Server CA Certificates: AdminServerCaCert Security Policy: Enabled: true Primary Key Server ---------------------------------------------------------------------- 10.0.0.10:1234 Secondary Servers: ks1.local, ks2.local fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234 ks1.local:1234 4 entries were displayed.
The following example lists all configured key management servers with more detail, including timeouts and usernames:
cluster-1::> security key-manager external show -instance Vserver: datavs Client Certificate: datavsClientCert Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2 Primary Key Server: keyserver.datavs.com:5696 Timeout: 25 Username: datavsuser Security Policy: IBM_Key_Lore Enabled: true Secondary Key Servers: Vserver: cluster-1 Client Certificate: AdminClientCert Server CA Certificates: AdminServerCaCert Primary Key Server: 10.0.0.10:1234 Timeout: 25 Username: Security Policy: Enabled: true Secondary Key Servers: ks1.local, ks2.local Vserver: cluster-1 Client Certificate: AdminClientCert Server CA Certificates: AdminServerCaCert Primary Key Server: fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234 Timeout: 25 Username: Security Policy: Enabled: true Secondary Key Servers: Vserver: cluster-1 Client Certificate: AdminClientCert Server CA Certificates: AdminServerCaCert Primary Key Server: ks1.local:1234 Timeout: 45 Username: Security Policy: Enabled: true Secondary Key Servers: 4 entries were displayed.