Generate the server certificate in software. This command generates or regenerates the SafeNet appliance server certificate used for NTLS and stores it in the SafeNet appliance file system.
If your setup uses DNS, do not specify an IP address. If your setup does not use DNS, specify the IP address of eth0 so that the certificate is generated for the address clients will connect to.
NTLS will not work unless the certificate is generated correctly.
This command stores the resulting private and public keys, and the certificate generated from them, on the file system (hard disk) inside the SafeNet appliance.
If you prefer the additional security of keys that are stored inside the HSM, use the command sysconf hwregencert instead.
Note: All SafeNet Network HSMs come from the factory with the same SSH key. For proper security, run this command before configuring your system for first use.
```
sysconf regenCert <eth0_ipaddress> [-startdate <startdate>] [-days <days>] [-force]
```
Parameter | Shortcut | Description |
---|---|---|
<eth0_ipaddress> | | Specifies the IP address of eth0. This parameter is required if the rest of your setup was done without DNS. |
-days | -d | Specifies the number of days for which the new certificate remains valid, counted from <startdate>. Default: 10 years. |
-force | -f | Forces the action without prompting. |
-startdate | -s | Specifies the date on which the certificate becomes valid. Default: 24 hours ago, so that the certificate is valid immediately anywhere in the world even if there is a timezone mismatch. |
```
lunash:>sysconf regencert

WARNING !! This command will overwrite the current server certificate and private key.
All clients will have to add this server again with this new certificate.
If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'

> proceed
Proceeding...

ERROR. Partition named "Cryptoki User" not found
'sysconf regenCert' successful. NTLS and STC must be (re)started before clients can connect.

Please use the 'ntls show' command to ensure that NTLS is bound to an appropriate network device or IP address/hostname for the network device(s) NTLS should be active on.
Use 'ntls bind' to change this binding if necessary.

Command Result : 0 (Success)
```
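After regenerating, every client must be given the new server certificate, and a certificate generated for the wrong address (for example, regenCert run without the eth0 IP on a setup without DNS) only reveals itself when NTLS handshakes fail. The script below is an added example, not part of the SafeNet documentation or of lunash: it is a client-side check on the PEM file a client is handed, verifying that the subject CN is the IP or DNS name the clients connect to, that notBefore is not in the future (the appliance backdates it by 24 hours for exactly this reason), and that the validity window matches the -days value used. Because it runs offline, it generates a self-signed certificate with openssl as a stand-in for server.pem; the appliance address 192.0.2.10, the hostname hsm.example.net, and the 10-year lifetime are assumed values that mirror the command defaults. It requires openssl 1.1.1 or later and GNU date.

```shell
#!/bin/sh
# Added example (not SafeNet/lunash code): sanity-check an NTLS server
# certificate on the client before restarting NTLS and re-adding the server.
# Assumed values: appliance IP 192.0.2.10, hostname hsm.example.net,
# lifetime 3650 days (the regenCert default of 10 years).
set -eu

# make_sample_cert <out.pem> <cn> <days>
# Constructed stand-in for the server.pem an appliance would produce:
# a self-signed certificate whose CN and SAN carry the address clients use.
make_sample_cert() {
  out="$1"; cn="$2"; days="$3"
  case "$cn" in
    *[!0-9.]*) san="DNS:$cn" ;;   # anything that is not dotted-decimal
    *)         san="IP:$cn"  ;;
  esac
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "${out%.pem}.key" \
    -out "$out" -days "$days" -subj "/CN=$cn" \
    -addext "subjectAltName=$san" >/dev/null 2>&1
}

# cert_fingerprint <pem>: SHA-256 fingerprint, for comparing the copy a
# client holds with the one the appliance presents after regeneration.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_server_cert <pem> <expected-cn> <expected-days>
# Returns 0 when all three properties hold, 1 with a diagnostic otherwise.
check_server_cert() {
  pem="$1"; want_cn="$2"; want_days="$3"
  cn=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 \
       | sed -n 's/.*CN=\([^,]*\).*/\1/p')
  nb=$(openssl x509 -in "$pem" -noout -startdate | cut -d= -f2)
  na=$(openssl x509 -in "$pem" -noout -enddate   | cut -d= -f2)
  nb_s=$(date -u -d "$nb" +%s)
  na_s=$(date -u -d "$na" +%s)
  now_s=$(date -u +%s)
  span=$(( (na_s - nb_s) / 86400 ))

  if [ "$cn" != "$want_cn" ]; then
    echo "FAIL: subject CN is '$cn', but clients will connect to '$want_cn'"
    return 1
  fi
  if [ "$nb_s" -gt "$now_s" ]; then
    echo "FAIL: notBefore ($nb) is in the future; NTLS handshakes will fail until then"
    return 1
  fi
  if [ "$span" -lt $((want_days - 1)) ] || [ "$span" -gt $((want_days + 1)) ]; then
    echo "FAIL: certificate is valid for $span days, expected about $want_days"
    return 1
  fi
  echo "OK: CN=$cn, valid $nb to $na ($span days), SHA-256 $(cert_fingerprint "$pem")"
  return 0
}

# Demonstration: a certificate generated for the right address passes; one
# generated for the wrong address is caught before it is handed to clients.
work=$(mktemp -d)
make_sample_cert "$work/server.pem" 192.0.2.10 3650
check_server_cert "$work/server.pem" 192.0.2.10 3650
make_sample_cert "$work/wrong.pem" 192.0.2.99 3650
check_server_cert "$work/wrong.pem" 192.0.2.10 3650 || echo "(expected: do not distribute this certificate)"
rm -rf "$work"
```

Run the check against the server.pem copied from the appliance, passing the same eth0 IP (or hostname, on a DNS setup) and -days value you gave to sysconf regenCert; compare the printed SHA-256 fingerprint with the fingerprint of the certificate the appliance presents so that a stale copy left over from before regeneration is not re-added by mistake.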