sysconf installcert

Installs a signed certificate file as the appliance's server certificate (renaming to and replacing server.pem). The certificate must be signed and base64-encoded (*.pem).

NOTE   This feature requires appliance software version 7.7.0 or newer. See Version Dependencies by Feature for more information.

User Privileges

Users with the following privileges can perform this command:

>Admin

Syntax

sysconf installcert <filename>

Argument(s) Shortcut Description
<filename>  

Specifies the filename of the signed certificate.

Example

lunash:>sysconf installCert signed_server.pem

Attempting to install signed_server.pem:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:00:00:00:1e:e5:dd:d2:71:5e:0f:0c:9a:00:00:00:00:00:1e
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=OTT1-TITAN-CA
        Validity
            Not Before: May 28 16:47:09 2019 GMT
            Not After : May 28 16:57:09 2020 GMT
        Subject: C=CA, ST=ON, L=Ottawa, CN=myLuna
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b1:46:cc:c8:70:70:81:89:a8:22:dd:ac:ce:8f:
                    73:c2:77:29:1f:b5:a2:49:de:d3:b3:03:1c:e2:ba:
                    6a:3e:dc:ba:61:d3:88:9c:9e:74:5c:82:9e:1e:64:
                    c7:22:54:e2:6d:99:66:42:9f:e5:b8:87:d6:d4:59:
                    89:0d:88:39:7c:37:ef:42:b3:51:f2:21:5f:eb:de:
                    ed:d6:08:84:af:9c:b7:c7:55:6c:0a:46:85:d9:0c:
                    5a:4d:cf:2d:21:79:fc:83:12:c3:d5:ec:de:4c:39:
                    4d:64:ff:07:28:7e:d0:ab:ff:b7:e6:fe:41:76:8b:
                    4b:4b:b1:14:f2:42:6c:4b:92:00:6b:81:1f:30:8e:
                    48:4d:91:e6:d6:c9:0b:ba:d3:df:6f:8d:0b:bf:01:
                    89:48:74:c5:3b:ab:f2:81:d3:fa:82:c8:eb:5c:ec:
                    ca:b7:9e:bf:7a:75:9d:73:9b:be:e3:fb:f5:74:22:
                    b6:2c:8e:d3:96:c1:53:5e:3e:97:ed:b1:9f:ba:0a:
                    6f:d4:04:fe:d1:3e:d6:9d:d5:f1:e4:35:05:f9:99:
                    a8:1b:66:37:a2:94:5d:76:a3:85:c4:63:3c:26:50:
                    ef:f2:34:76:09:a5:7e:99:95:41:2a:1c:1b:d1:5f:
                    dc:26:30:08:0f:ac:85:30:b3:6e:8f:43:43:f2:fb:
                    c5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:C5:DC:3F:F4:56:5C:AF:25:48:A7:24:DB:69:64:EC:1A:FB:A1:EE
            X509v3 Authority Key Identifier:
                keyid:90:6F:CA:8F:70:28:24:E5:21:6D:01:8C:D0:64:BF:6D:D9:8E:86:D7

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:file:////ott1-titan/CertEnroll/OTT1-TITAN-CA.crl

            Authority Information Access:
                CA Issuers - URI:file:////ott1-titan/CertEnroll/ott1-titan_OTT1-TITAN-CA.crt

    Signature Algorithm: sha1WithRSAEncryption
         61:84:0d:a6:a0:2b:91:4b:82:52:5f:37:58:de:36:c5:52:38:
         f6:de:a8:c4:f6:a7:69:1c:1c:ba:32:ac:0e:d7:76:aa:6c:aa:
         97:41:4d:27:9a:6e:78:0c:b9:d3:76:c7:eb:09:52:2f:a7:4f:
         af:1e:6c:25:15:db:86:2d:63:dc:76:dc:34:ba:06:c7:6e:83:
         3c:4f:c9:b9:c5:94:9a:4c:be:a9:b5:2b:d2:f3:6c:62:f5:6e:
         8c:24:34:48:94:d8:af:b8:59:d0:65:26:7c:39:a1:86:d2:a3:
         e6:16:2a:1a:dc:d6:01:cd:30:cc:75:cf:b4:a2:43:4a:45:74:
         d6:3c:88:71:69:55:59:69:8f:88:51:ad:5b:8c:11:6d:78:b4:
         a5:39:4d:89:02:c5:35:8f:c5:d5:f0:a1:e2:2b:d0:71:be:3c:
         29:32:9f:ac:36:b5:2a:27:c7:64:cf:41:7e:db:da:bb:0f:9c:
         1d:cd:b4:74:ea:9f:31:11:fa:f8:5e:f8:67:c4:5e:39:2a:48:
         b7:9d:6d:0f:45:56:9b:b3:83:35:2e:c5:d1:c4:cd:2e:c7:69:
         0c:b6:98:4b:09:02:13:7c:06:73:8b:ee:ea:ff:ff:9a:c1:88:
         d7:4b:ed:f8:71:23:78:ee:76:be:de:e8:6f:b5:27:84:8b:03:
         6b:3d:91:53

'sysconf installCert' successful. The NTLS, STC and CBS services must be (re)started before clients can connect.
    (Successfully installed signed_server.pem as server.pem)

Please use the 'ntls show' command to ensure that NTLS is bound to an appropriate network device or IP address/hostname
for the network device(s) NTLS should be active on. Use 'ntls bind' to change this binding if necessary.


Command Result : 0 (Success)