To Next Page

To Previous Page

Chapter 16. PKI configuration

The following sections describe the XIV Command Line Interface (XCLI) for PKI

configuration.

The sections are listed as follows:

v pki_list(Listing PKI items)

v pki_generate_csr(Generate Certificate Signing Request)

v pki_generate_private_key_and_csr(Generate a Private Key and CSR)

v pki_remove(Delete a PKI Content)

v pki_rename(Change PKI Symbolic Name)

v pki_set_pem(Import Signed Certificate In PEM format)

v pki_set_pkcs12(Import PKCS#12 Certificate)

v pki_show_certificate(Show Signed Certificate Details)

v pki_update(Update PKI Certificate or Services)

Listing PKI Items

Listing PKI items

pki_list

XIV allows you to install certificates generated by your own Certificate Authority

(CA) for the different services that use digital certificates (SSL authentication,

IPSec, etc). When you install a certificate in XIV, it is associated with a name that

you provide which is used for managing it.

Certificates can be installed in one of two ways, depending on your site PKI

policy:

v XIV generated - this method does not expose the XIV private key

– XIV generates a public-private keypair

– XIV exports the public key in a Certificate Signing Request (CSR) file using

pki_generate_private_key_and_csr

– The CA signs this file, returning a .PEM file that is then imported into the

XIV using pki_set_pem

v The CA generates both the key pair and associated certificate. Both are provided

in a password-protected PKCS#12 file.

– This file is imported into the XIV using pki_set_pkcs12.

XIV generated - this method does not expose the XIV private key XIV generates a

public-private keypair XIV exports the public key in a Certificate Signing Request

(CSR) file using pki_generate_private_key_and_csr The CA signs this file, returning

a .PEM file that is then imported into the XIV using pki_set_pem CA generated

The CA generates both the key pair and associated certificate. Both are provided in

a password-protected PKCS#12 file. This file is imported into the XIV using

pki_set_pkcs12.

The pki_list command lists the following information:

v Name

337

IBM XIV Specifications

General

Power Supply	Redundant power supplies
Drive Type	SATA
Redundancy	Fully redundant components
Connectivity	Fibre Channel, iSCSI
Form Factor	Rack-mounted
Cache	Distributed cache across modules
Data Protection	Snapshots, remote mirroring
Performance	High throughput and low latency
Scalability	Modular, scale-out architecture
Cooling	Redundant cooling
Architecture	Grid-based, distributed architecture

IBM XIV User Manual

Table of Contents

Questions and Answers:

IBM XIV Specifications

Related product manuals