Creating a Certificate Request
To create a security certificate using the CLI, type:
GENERATE CERTIFICATE REQUEST
This command generates a PKCS#10 certificate request. This certificate request can be sent to your
certification authority (CA) to obtain a PKCS#7 certificate file to use below.
To create a self-signed security certificate using the CLI, type:
GENERATE CERTIFICATE
SELFSIGNED
This command generates a self-signed PKCS#7 certificate to replace the existing SSL certificate. This
certificate is signed with the current name of the enclosure and will be valid for 10 years. Users who do
not have a certificate authority (CA) may use this certificate as a replacement.
Downloading a Security Certificate
To download a security certificate using the CLI, type:
DOWNLOAD CERTIFICATE <url>
This command downloads a CA supplied PKCS#7 file to replace the current security certificate on the
system.
Supported protocols are http, ftp, and tftp. Format the URL as: protocol://host/path/file
If your ftp server does not support anonymous connections, you can specify a username and password
by replacing the host part in the previous format:
username:password@host
Key-Based SSH Authentication
Users may install their own public SSH keys for password-less logins to the Integrated Administrators.
Only enclosure administrators can use key-based authentication. The CLI features four commands to
install and manage the authorized SSH keys.
▲
To view any current installed authorized SSH keys, type:
SHOW SSHKEY
This command shows any keys currently installed on the Integrated Administrator that are
authorized to log in using an enclosure administrator account.
▲
To view the fingerprint of the Integrated Administrator host key, type:
SHOW SSHFINGERPRINT
This command shows the fingerprint of the host key for the Integrated Administrators. Users may
compare this fingerprint with the fingerprint displayed by their SSH client when connecting to the
Integrated Administrators to guarantee the authenticity of the Integrated Administrator connection.
Users who need guaranteed authenticity will want to use the Integrated Administrator serial console
to obtain the SSH fingerprint for the first time.
▲
To clear any currently installed authorized SSH keys, type:
CLEAR SSHKEY
This command clears any authorized keys currently installed on the Integrated Administrator that
are authorized to log in. After this command has been issued, all users have to enter a valid
password in order to log in.
▲
To download and install one or more SSH keys, type:
DOWNLOAD SSHKEY <url>
110 Chapter 8 Performing Advanced Functions
ENWW