sysconf regencert

Generate or regenerate the SafeNet Luna Network HSMserver certificate used for NTLS and save it to the appliance file system.

This command stores the resulting private and public keys on the file system (hard disk) inside the SafeNet appliance.

User Privileges

Users with the following privileges can perform this command:

>Admin

Syntax

sysconf regencert [<IPaddress>] [-startdate <startdate>] [-days <days>] [-force]

Argument(s) Shortcut Description
<IPaddress>  

Specifies the IP address to set as the CN of the server's NTLS certificate. If not specified, the CN will be the hostname of the SafeNet Luna Network HSM appliance, as specified by the network hostname command. See network hostname for more information.

-days <days> -d

Specifies the number of days for which the new certificate will remain valid, starting on <startdate>.

Range: 1-3653

Default: 3653 (10 years)

-force -f Force the action without prompting.
-startdate <startdate> -s Specifies the starting date upon which the certificate becomes valid, in the format YYYYMMDD. The default is 24 hours ago, to eliminate possible time zone mismatch issues if you need the certificate to be valid immediately anywhere in the world.

Example

lunash:>sysconf regencert


WARNING !!  This command will overwrite the current server certificate and private key.
            All clients will have to add this server again with this new certificate.
If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'

> proceed
Proceeding...

'sysconf regenCert' successful. The NTLS, STC and CBS services must be (re)started before clients can connect.

Please use the 'ntls show' command to ensure that NTLS is bound to an appropriate network device or IP address/hostname
for the network device(s) NTLS should be active on. Use 'ntls bind' to change this binding if necessary.


Command Result : 0 (Success)