No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

OceanStor 2800 V3 V300R006

This document is applicable to OceanStor 2800 V3. Based on the CLI provided by the DeviceManager, this document describes how to use variouscommands classified by functions and how to set the CLI and manage the storage system throughthese commands. The document that you browse online matches the latest C version of the product. Click Download to download documents of other C versions.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
import certificate

import certificate

Function

The import certificate command is used to import a new private key, certificate, and CA certificate.

Format

import certificate ip=? user=? password=? type=? [ cert_file=? ] [ ca_cert_file=? ] [ key_file=? ] [ port=? ] [ protocol=? ] [ label=? ]

Parameters

Parameter

Description

Value

ip=?

IP address of the FTP/SFTP server.

-

user=?

User allowed by the FTP/SFTP server.

The value contains 1 to 64 characters without colons (:).

password=?

Password of a user allowed by the FTP/SFTP server.

The value contains 1 to 64 characters.

type=?

Certificate type.

Possible values are:

  • "key_management_center": key management center.
  • "device_management": device management.
  • "domain_authentication": domain authentication.
  • "hypermetro_arbitration": HyperMetro arbitration.
  • "https_protocol": HTTPS protocol.
  • "ftps_protocol": FTPS protocol.
  • "syslog_authentication": Syslog server authentication.
  • "ntp_authentication": NTP server authentication.
  • "call_home_authentication": Call Home authentication.
  • "domain_authentication_extension_1": domain authentication extension 1.
  • "domain_authentication_extension_2": domain authentication extension 2.
  • "domain_authentication_extension_3": domain authentication extension 3.
  • "sso_authentication": SSO authentication.
NOTE:
  • OceanStor 2200 V3 (8 GB memory per controller) does not support the certificate type of HyperMetro arbitration, HTTPS protocol, and FTPS protocol.
  • OceanStor 2200 V3 (16 GB memory per controller) does not support the certificate type of HyperMetro arbitration.
  • OceanStor 2100 V3 does not support the certificate type of HyperMetro arbitration, HTTPS protocol, and FTPS protocol.
  • OceanStor 2600 V3 Video Surveillance Edition does not support the certificate type of HyperMetro arbitration.
  • OceanStor 2800 V3 does not support the certificate type of the key management center, HyperMetro arbitration, HTTPS protocol, and FTPS protocol.

key_file=?

Path for storing the private key on the FTP/SFTP server.

The value is a character string that ends with file name extension ".key" or ".pem" (case insensitive).

cert_file=?

Path for storing the certificate file on the FTP/SFTP server.

The value is a character string that ends with file name extension ".crt" or ".pem" (case insensitive).

ca_cert_file=?

Path for storing the CA certificate file on the FTP/SFTP server.

The value is a character string that ends with file name extension ".crt" or ".pem" (case insensitive).

port=?

Port of the FTP/SFTP server.

The value is an integer ranging from 1 to 65535.

  • If protocol=FTP, the default value is "21".
  • If protocol=SFTP, the default value is "22".

protocol=?

Protocol used for transmitting the new certificate and private key.

The value can be "FTP" or "SFTP" and the default value is "SFTP".

label=?

Label.

The value contains 1 to 127 characters including letters, digits, underscores (_), hyphens (-), and periods (.).

Level

Administrator

Usage Guidelines

  • This command can be used to import the signed certificate and CA certificate into the storage array from the FTP or SFTP server connected to the storage system for certificate replacement. This command can also be used to import the private key, certificate, and CA certificate into the storage array for certificate replacement.
  • This command supports that the certificate, CA certificate, and private key file can be imported based on application scenarios (the certificate and CA certificate are required simultaneously for the key management center and HyperMetro arbitration; the certificate is required for device management, HTTPS protocol, and FTPS protocol; the CA certificate is required for domain authentication, SYSLOG server authentication, NTP server authentication, Call Home authentication, domain authentication extension, and SSO authentication).
  • The certificate type supported by this command can be "key_management_center", "device_management", "domain_authentication", "hypermetro_arbitration", "https_protocol", "ftps_protocol", "syslog_authentication", "ntp_authentication", "call_home_authentication", "domain_authentication_extension_1", "domain_authentication_extension_2", "domain_authentication_extension_3", or "sso_authentication".
  • OceanStor 2200 V3 (8 GB memory per controller) does not support the certificate type of HyperMetro arbitration, HTTPS protocol, and FTPS protocol.
  • OceanStor 2200 V3 (16 GB memory per controller) does not support the certificate type of HyperMetro arbitration.
  • OceanStor 2100 V3 does not support the certificate type of HyperMetro arbitration, HTTPS protocol, and FTPS protocol.
  • OceanStor 2600 V3 Video Surveillance Edition does not support the certificate type of HyperMetro arbitration.
  • OceanStor 2800 V3 does not support the certificate type of the key management center, HyperMetro arbitration, HTTPS protocol, and FTPS protocol.
NOTE:

Prerequisites:

  • Storage systems can correctly access the FTP server or SFTP server over the network.
  • The FTP or SFTP service has been enabled on the server.
  • A directory has been created for storing security certificates.

If a storage system serves as a server in the file transfer with external systems, the storage system supports SFTP only. If a storage system serves as a client, the storage system supports both FTP and SFTP.

Example

  • Import a certificate and a CA certificate into the storage array and activate them to replace the old certificates after the certificate request is signed.
    admin/>import certificate ip=10.133.194.20 user=admin password=****** type=key_management_center cert_file=cert.crt ca_cert_file=ca_cert.crt protocol=SFTP port=22 
    WARNING: You are about to replace the SSL certificate. This operation will replace the previous certificate file and may cause the SSL connection to be reconnected. 
    Suggestion: Before you perform this operation, please acknowledge the aforementioned risks and ensure that the certificate file to be imported is correct. 
    Have you read warning message carefully?(y/n)y 
    Are you sure you really want to perform the operation?(y/n)y 
    Command executed successfully.
  • Import a private key, certificate, and CA certificate into the storage array and activate them to replace the old certificates after the certificate request is signed.
    admin/>import certificate ip=10.133.194.20 user=admin password=****** type=key_management_center key_file=key.pem cert_file=cert.pem ca_cert_file=ca_cert.pem protocol=SFTP 
    WARNING: You are about to replace the SSL certificate. This operation will replace the previous certificate file and may cause the SSL connection to be reconnected. 
    Suggestion: Before you perform this operation, please acknowledge the aforementioned risks and ensure that the certificate file to be imported is correct. 
    Have you read warning message carefully?(y/n)y 
    Are you sure you really want to perform the operation?(y/n)y 
    Command executed successfully.

System Response

None

Translation
Download
Updated: 2019-07-12

Document ID: EDOC1000138382

Views: 311962

Downloads: 38

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next