Controls SGD security services and manages server certificates.
tarantella security certinfo | certrequest | certuse | customca | decryptkey | disable | enable | fingerprint | peerca | selfsign | start | stop
The following table shows the available subcommands for this command.
Subcommand | Description | More Information |
---|---|---|
certinfo | Displays information about an SSL certificate or Certificate Signing Request (CSR), and optionally checks whether a specified private key matches the public key contained in a particular SSL certificate. | |
certrequest | Creates a CSR and a corresponding key pair, which you use to obtain an SSL certificate for use with SGD security services. | |
certuse | Installs an SSL certificate, or specifies the location of an installed certificate, for use with SGD security services. | |
customca | Installs a root certificate for a custom CA for use with SGD security services. | |
decryptkey | Decrypts an encrypted private key so that you can use it with SGD. | |
disable | If an SGD server has been secured using the tarantella security enable command, restores the security settings to their previous state. | |
enable | Makes an SGD server secure. | |
fingerprint | Displays the fingerprint of the CA certificate installed on the SGD server. | |
peerca | Shows, imports, or exports the primary server's CA certificate used for secure intra-array communication. | |
selfsign | Generates and installs a self-signed server SSL certificate. | |
start | Enables secure (SSL) connections. Users who require secure connections are given them. | |
stop | Disables secure (SSL) connections. Users configured for secure connections are given standard connections instead. |
All commands include a
--help
option. You can use
tarantella security
subcommand
--help to get
help on a specific command.
The following example displays information about a CSR in
/tmp/boston.csr.
# tarantella security certinfo --csrfile /tmp/boston.csr
The following example decrypts the key
/opt/keys/key1
, which is stored in Definite
Encoding Rules (DER) format, placing the decrypted key in
/opt/keys/key2
.
# tarantella security decryptkey \ --enckey /opt/keys/key1 \ --deckey /opt/keys/key2 \ --format DER