Deployment Guide

ManualsBrandsDell ManualsserversDell Brocade 5100

1021

Fabric OS Command Reference 997

53-1003131-01

secCertUtil

• Import or export a certificate.

• Configure a SSL certificate file name.

• Enable secure protocols.

This command takes an action and associated arguments. If only an action is specified, this command

prompts interactively for input values of the associated arguments. The command runs noninteractively

when the arguments associated with a given action are specified on the command line. When invoked

without operands, this command displays the usage.

This command is also supported in Access Gateway mode, for FCAP authentication between AG and

the switch.

NOTES The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in

place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for

details.

Before you import a certificate from Windows system, convert the certificate to a Unix file format with the

dos2unix utility.

OPERANDS This command has the following operands:

genkey

Generates a public/private key pair. This is the first step in setting up a third-party

certificate. The following operands are optional; when omitted, the command

prompts interactively for input values to these operands.

-keysize 1024 | 2048

Specifies the size of the key. Valid values are 1024 or 2048 bits. The greater the

value, the more secure is the connection; however, performance degrades with

size. The keys are generated only after all existing CSRs and certificates have

been deleted.

-nowarn

Specifies that no warning is given when overwriting or deleting data. If this

operand is omitted, the command prompts for confirmation before existing CSRs

and certificates are deleted.

delkey

Deletes all public/private key pairs with the exception of Encryption-related

certificates and key pairs. This command prompts for confirmation unless

-nowarn is specified.

-nowarn

Executes the delete operation without confirmation.

-all

Deletes all public/private key pairs including Encryption-related certificates and

key pairs.

gencsr

Generates a new CSR for the switch. This is the second step in setting up a

third-party certificate. The following operands are optional; if omitted, the

command prompts for answers to a series of questions. If only one or a few

operands are specified. the command prompts for input to the remaining

questions. When all questions are answered, a CSR is generated and placed in a

file named ip_address.csr, where ip_address is the IP address of the switch.

-country country code

Specifies the country. Provide a two-letter country code, for example, US.

-state state

Specifies the state. Provide the full name, for example, California. If the state

consists of multiple words, it must be enclosed in double quotes.