Reference Guide

Brocade Fabric OS Command Reference
53-1004112-02
secCertUtil
Description
Use this command to manage third-party certificates on a switch, including Public Key Infrastructure (PKI) based
certificates, Lightweight Directory Access Protocol (LDAP) certificates, FCAP certificates, and syslog CA
certificates. This command also imports or exports Certificate Signing Requests (CSRs) from or to a remote host.
This command supports IPv4 and IPv6 addresses.
Use this command to do the following:
Generate a public/private key pair.
Delete a public/private key pair.
Generate a CSR.
Delete a CSR.
List existing certificates on a switch.
Display the contents of a certificate or CSR.
Delete a specified certificate.
Import or export a certificate.
Configure an SSL certificate file name.
Enable secure protocols.
This command takes an action and associated arguments. If only an action is specified, this command prompts
interactively for input values of the associated arguments. The command runs noninteractively when the
arguments associated with a given action are specified on the command line. When invoked without operands, this
command displays the usage.
This command is also supported in Access Gateway mode, for FCAP authentication between AG and the switch.
Notes
The execution of this command is subject to Virtual Fabric restrictions that may be in place. Refer to "Using Fabric
OS Commands" and "Command Availability" for details.
Before you import a certificate from a Windows system, convert the certificate to a Unix file format with the dos2unix
utility.
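The conversion step in the note above, as an added example that is not part of the Brocade reference: a POSIX shell helper for the host that stages the certificate, which converts CRLF to LF and confirms that only carriage returns changed. The function names and the PEM-style constructed sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the Fabric OS reference); function names are hypothetical.

# count_cr FILE: print the number of carriage-return bytes in FILE.
count_cr() {
    tr -cd '\r' < "$1" | wc -c | tr -d ' '
}

# normalize_cert SRC DST: write an LF-only copy of SRC to DST.
# Returns 0 on success, 1 if SRC is unreadable, 2 if the copy fails the checks.
normalize_cert() {
    src=$1 dst=$2
    [ -r "$src" ] || return 1
    if command -v dos2unix >/dev/null 2>&1; then
        dos2unix < "$src" > "$dst" 2>/dev/null || return 2
    else
        # Fallback for hosts without dos2unix: drop every CR byte.
        tr -d '\r' < "$src" > "$dst" || return 2
    fi
    # The copy must contain no CR at all (a lone CR left behind fails here).
    [ "$(count_cr "$dst")" -eq 0 ] || return 2
    # The copy must equal the source with its CR bytes removed and nothing else changed.
    tr -d '\r' < "$src" | cmp -s - "$dst" || return 2
}

# Constructed sample: a placeholder certificate body saved with CRLF line endings.
# The PEM-style framing is an assumption about the file being staged.
make_sample() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQgU0FNUExF' '-----END CERTIFICATE-----' > "$1"
}

# Demo: build the sample, normalize it, and report the CR count before and after.
tmp=$(mktemp -d)
make_sample "$tmp/win.crt"
echo "CR bytes before: $(count_cr "$tmp/win.crt")"
if normalize_cert "$tmp/win.crt" "$tmp/unix.crt"; then
    echo "CR bytes after: $(count_cr "$tmp/unix.crt")"
else
    echo "normalization failed" >&2
fi
rm -rf "$tmp"
```

Import only the normalized copy; a nonzero return from `normalize_cert` means the file should be re-exported rather than imported as is.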
Operands
This command has the following operands:
genkey
Generates a public/private key pair. This is the first step in setting up a third-party certificate.
The following operands are optional; when omitted, the command prompts interactively for
input values to these operands.
-keysize 1024 | 2048 | 4096 | 8192
Specifies the size of the key. Valid values are 1024, 2048, 4096, or 8192 bits. A larger
key makes the connection more secure, but performance degrades as the key size increases. The
keys are generated only after all existing CSRs and certificates have been deleted.
-nowarn
Specifies that no warning is given when overwriting or deleting data. If this operand is
omitted, the command prompts for confirmation before existing CSRs and certificates are
deleted.