webserver certificate generate

Generates a REST API Server certificate.

User Privileges

Users with the following privileges can perform this command:

>Admin

Syntax

webserver certificate generate -keytype <key_type> [-keysize <size>] [-curve <curve_name>] [-restart] [-force]

Argument(s)	Shortcut	Description
-keytype <key_type>	-keyt	Key type. Valid values: ecc,rsa
-keysize <size>	-keys	RSA key size (default: 2048). Valid values: 2048,3072,4096
-curve <curve_name>	-c	Elliptic Curve name (ECC only, default: secp384r1). Valid values: secp256k1,secp384r1,secp521r1,prime256v1
-force	-f	Force the action without prompting.
-restart	-r	Restart the REST API service if parameter is specified. Otherwise, the administrator must restart the REST API service via other means (i.e., service start webserver).

Example using Luna Appliance Software 7.9.1 or newer

lunash:>webserver certificate generate -keytype rsa -restart -force
 
Restarting REST API service...
Fingerprint:
     SHA1: 65:3D:12:59:7B:24:39:39:3E:19:2A:34:36:AD:34:5C:32:C1:64:89
     SHA256: 93:15:F4:60:CD:BD:C9:E5:7C:63:14:36:84:7A:61:79:8D:27:D3:51:01:E0:77:0F:BC:90:5B:E7:4C:86:AE:63
REST API Server Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:0e:72:2f:5c:93:40:5a:15:56:98:33:64:52:a3:24:47:a9:fb:65
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = CA, ST = Ontario, O = Thales, CN = localhost
        Validity
            Not Before: Mar 19 06:35:25 2025 GMT
            Not After : Mar 21 06:35:25 2035 GMT
        Subject: C = CA, ST = Ontario, O = Thales, CN = localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:da:64:50:e9:17:df:05:11:84:2f:d0:9a:5c:76:
                    c4:73:46:a4:38:f7:6e:13:67:d4:c4:f5:bb:e0:c0:
                    4e:ba:6b:40:9d:89:a8:44:d3:4b:f3:e5:bd:56:a4:
                    c0:0a:50:28:a7:af:9a:6c:93:55:41:32:0b:9c:78:
                    7a:ed:2c:45:9c:4e:63:b7:04:40:ef:04:e2:39:f3:
                    5f:30:6f:e1:ac:42:b9:91:07:c7:ee:8d:ae:f7:8a:
                    f7:06:e0:b3:f7:85:d9:0f:6a:85:36:d3:aa:4f:50:
                    b5:b1:62:aa:87:d5:3e:ea:ac:86:80:48:3e:a7:b6:
                    4d:6e:0e:c4:db:f0:ab:3c:4b:13:b7:0c:45:a2:12:
                    a1:78:f8:d3:c0:84:b6:06:ad:f6:81:dd:d0:0f:e4:
                    d6:86:92:15:72:4a:7d:29:9d:0a:fc:05:47:b6:0b:
                    00:d5:91:cb:e8:fe:5a:16:53:bf:b8:ac:d2:55:ee:
                    20:36:c1:73:90:60:5a:06:22:8b:58:7f:4c:77:99:
                    3b:02:35:71:e7:95:71:57:a7:19:9e:5c:9a:36:74:
                    af:13:ff:ab:96:71:06:df:94:20:0b:eb:c4:90:ed:
                    d7:9f:55:ba:fa:7c:20:7a:ba:f1:02:a8:fe:6c:06:
                    5e:3c:4e:32:8f:3f:02:ea:c0:b9:41:d0:c7:d3:b3:
                    23:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:F3:5E:30:F8:B6:3F:40:04:0B:24:71:C1:01:F3:F3:90:39:4D:A9
            X509v3 Authority Key Identifier:
                64:F3:5E:30:F8:B6:3F:40:04:0B:24:71:C1:01:F3:F3:90:39:4D:A9
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        72:3c:88:4b:e7:cc:16:ac:1d:d1:53:e4:cf:32:db:7f:03:c5:
        57:92:c8:2a:1f:bc:7d:62:3e:62:79:1e:17:c3:eb:88:a6:21:
        fd:78:18:11:c3:e0:90:04:c8:3f:9a:91:df:26:ca:db:4c:ce:
        11:89:c0:4f:b5:d6:ac:34:14:5d:7b:47:98:9e:10:3b:f6:4e:
        1f:0e:6e:38:b4:bb:98:67:ef:14:ef:78:96:8b:ae:e0:98:e9:
        da:7d:0c:0f:83:4c:6b:cb:70:04:1e:b3:47:d7:be:49:4e:fb:
        aa:61:76:8e:1b:0d:82:55:62:e8:11:82:d9:98:3f:fb:3e:cf:
        ec:81:05:1e:a8:8d:29:8b:4d:17:2d:be:e6:1c:8e:89:4f:ef:
        de:2c:9c:d8:93:2b:1a:62:16:bf:29:a9:cf:c4:bc:6c:c1:fe:
        8c:3a:e6:57:c2:c9:e3:ad:a8:07:92:ba:3c:89:d2:6a:52:2c:
        c9:6a:d4:0e:e9:ec:0b:9b:81:51:52:99:bf:62:0b:f3:c0:34:
        4f:d9:c4:46:af:10:b2:27:ac:dd:e6:3b:62:b2:f8:a1:49:55:
        8b:e0:92:76:00:5a:f5:ca:41:75:2d:f8:6b:5a:37:17:92:4b:
        06:e8:5b:78:d8:34:82:e8:14:4e:ff:bd:95:5c:31:46:43:88:
        eb:d7:56:db
Command Result : 0 (Success)

Example using Luna Appliance Software 7.9.0 or older

lunash:>webserver certificate generate -keytype rsa -restart

WARNING: This operation will generate/regenerate the REST API Server certificate !!!

Type 'proceed' to continue, or 'quit' to quit now.

> proceed
Proceeding...

Restarting REST API service...
Redirecting to /bin/systemctl restart  webserver.service

REST API Server Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d6:93:f0:66:1c:04:9f:34
    Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=CA, ST=Ontario, L=Ottawa, O=Thales, CN=local_host
        Validity
            Not Before: Mar  1 20:22:56 2017 GMT
            Not After : Feb 27 20:22:56 2027 GMT
        Subject: C=CA, ST=Ontario, L=Ottawa, O=Thales, CN=local_host
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cf:f2:56:9b:22:24:f2:4e:bb:ab:8b:d3:38:42:
                    24:65:0d:98:13:de:62:92:8f:5b:a5:6b:a5:ea:15:
                    aa:08:f7:ae:c4:62:58:cf:54:3c:0b:16:fe:ba:71:
                    93:ac:a9:71:14:f0:a7:41:94:0f:34:80:cc:fd:6d:
                    d2:ae:2b:8d:a5:ef:f2:25:43:d6:5e:08:59:b7:1b:
                    a1:7a:dc:96:08:c1:ee:c0:35:41:1e:90:7f:16:d1:
                    32:d0:c6:4c:6b:df:3c:b3:48:2d:14:5f:fa:cc:b4:
                    cf:11:27:3a:74:14:80:17:eb:87:c8:f6:41:35:91:
                    c6:c5:60:67:87:d7:58:ba:b0:7b:97:b8:a9:08:de:
                    67:c9:2d:cf:ac:08:3e:a1:c1:31:23:b3:cd:96:7b:
                    af:45:4e:fd:e6:80:61:28:52:4e:27:27:9c:d6:01:
                    19:ef:74:6e:15:7d:51:d4:62:be:38:a8:8f:04:7e:
                    82:18:7c:75:a5:6a:4c:10:3e:d8:ec:86:03:52:fe:
                    f7:15:0a:45:55:f4:ae:be:c7:88:e5:6b:09:be:18:
                    27:96:54:c2:ad:30:8e:43:d9:0e:f4:4a:00:06:28:
                    fb:08:cd:df:af:31:e3:1d:58:95:f8:51:90:ee:5a:
                    48:3a:21:83:f1:53:59:a8:8f:7c:cf:e8:0f:b2:09:
                    1c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:20:E0:21:B8:19:7F:11:0B:57:7C:3E:0D:CA:70:63:6D:97:E4:CD
            X509v3 Authority Key Identifier:
                keyid:C1:20:E0:21:B8:19:7F:11:0B:57:7C:3E:0D:CA:70:63:6D:97:E4:CD

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha384WithRSAEncryption
        6c:b6:04:92:f9:52:6f:ae:1f:ef:b8:fa:f9:40:16:97:28:10:
        f2:13:64:af:cb:67:63:4b:81:42:cb:00:cb:5a:9b:39:2d:88:
        30:c1:75:bc:90:69:33:67:51:1c:05:c0:b1:e2:88:47:8e:ad:
        48:28:eb:d0:24:e0:48:46:b0:5a:97:e8:c8:0d:39:b9:13:e3:
        78:5a:c2:f6:66:cf:25:97:8e:0b:47:70:41:7e:e1:46:f5:4a:
        25:9a:b0:3f:43:2b:4c:ed:64:b0:2d:24:13:17:2f:bd:09:11:
        c0:15:f2:da:aa:7e:9d:27:2e:b5:cd:7d:0d:b5:80:23:14:3a:
        8c:fc:e2:76:92:d1:87:1b:9e:a5:c6:ef:b2:a0:af:f3:15:cc:
        41:84:5c:d1:fc:d3:3f:9a:c1:65:b0:bf:3c:be:e9:07:f4:25:
        45:ff:f0:65:a7:a6:38:d8:f8:13:55:a6:ee:b1:9f:4a:31:c1:
        d5:e2:b7:a2:f1:8d:07:72:cc:39:d1:4f:34:a7:df:1d:bc:4e:
        d0:94:c4:f2:f9:a0:53:c4:fb:fe:03:4a:01:13:8b:bd:c0:ef:
        ed:1b:90:c8:ec:e9:26:ee:90:9f:94:f2:9c:62:8e:09:55:27:
        26:fb:00:02:3b:6b:5b:53:8a:b4:9c:25:7c:33:78:ec:40:30:
        02:09:cf:20

Command Result : 0 (Success)



	SUPPORT	LEGAL
Luna Network HSM 7 Documentation © Copyright 2001-2026, Thales Group Last Updated: 2026-02-06 09:12:13 GMT-05:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Third Party Software Licenses Document Information