IBM XIV - Chapter 16. PKI configuration

652 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Chapter 16. PKI configuration

The following sections describe the XIV Command Line Interface (XCLI) for PKI

configuration.

The sections are listed as follows:

v pki_list(Listing PKI items)

v pki_generate_csr(Generate Certificate Signing Request)

v pki_generate_private_key_and_csr(Generate a Private Key and CSR)

v pki_remove(Delete a PKI Content)

v pki_rename(Change PKI Symbolic Name)

v pki_set_pem(Import Signed Certificate In PEM format)

v pki_set_pkcs12(Import PKCS#12 Certificate)

v pki_show_certificate(Show Signed Certificate Details)

v pki_update(Update PKI Certificate or Services)

Listing PKI Items

Listing PKI items

pki_list

XIV allows you to install certificates generated by your own Certificate Authority

(CA) for the different services that use digital certificates (SSL authentication,

IPSec, etc). When you install a certificate in XIV, it is associated with a name that

you provide which is used for managing it.

Certificates can be installed in one of two ways, depending on your site PKI

policy:

v XIV generated - this method does not expose the XIV private key

– XIV generates a public-private keypair

– XIV exports the public key in a Certificate Signing Request (CSR) file using

pki_generate_private_key_and_csr

– The CA signs this file, returning a .PEM file that is then imported into the

XIV using pki_set_pem

v The CA generates both the key pair and associated certificate. Both are provided

in a password-protected PKCS#12 file.

– This file is imported into the XIV using pki_set_pkcs12.

XIV generated - this method does not expose the XIV private key XIV generates a

public-private keypair XIV exports the public key in a Certificate Signing Request

(CSR) file using pki_generate_private_key_and_csr The CA signs this file, returning

a .PEM file that is then imported into the XIV using pki_set_pem CA generated

The CA generates both the key pair and associated certificate. Both are provided in

a password-protected PKCS#12 file. This file is imported into the XIV using

pki_set_pkcs12.

The pki_list command lists the following information:

v Name

337

Table of Contents

Related product manuals

IBM XIV Gen3 Series

Preview: IBM Storwize V7000

IBM Storwize V7000

Preview: IBM Flex System V7000

IBM Flex System V7000

Preview: IBM Storwize V7000 Gen2

IBM Storwize V7000 Gen2

Preview: IBM Storwize V5000 Gen2

IBM Storwize V5000 Gen2

Preview: IBM TotalStorage DS8000

IBM TotalStorage DS8000

Preview: IBM System Storage TS3100

IBM System Storage TS3100

Preview: IBM SAN Volume Controller

IBM SAN Volume Controller

Preview: System Storage DS3524 Express

System Storage DS3524 Express

Preview: Storwize V7000 Unified2073-720

Storwize V7000 Unified2073-720

DS8000 - ADDITIONAL INFORMATION