Certificate Commands

connectorctl cert createcsr

To create a connector Certificate Signing Request using the parameters you provide, use the connectorctl cert createcsr command.

connectorctl cert createcsr -s san -c country -t state -l locality -o organization -u organizationalunit -n commonname -e email

Syntax Description

Keywords and Variables

Description
-s san

Storage Area Network (SAN)  name.
-c country

Country name.
-t state

State name.
-l locality

Locality name.
-o organization

Organization name.
-u organizationalunit

Organizational unit name.
-n commonname

Common name.
-e email

Email ID.

Command History

Release 3

This command is introduced.

connectorctl cert generate

To regenerate a new connector self-signed certificate, use the connectorctl cert generate command. To view this certificate, use the connectorctl cert show command.

connectorctl cert generate

Syntax Description

This command has no keywords or arguments.

Command History

Release 3

This command is introduced.

connectorctl cert import-connector-cert

To import a signed certificate from the specified path to the accurate location on the connector and ensure the security of the connection with the connector, use the connectorctl cert import command.

connectorctl cert import-connector-cert -p <certificate-path>

Syntax Description

Keywords and Variables Description
-p <certificate-path> Path from which the certificate is to imported.

Command History

Release 3

This command is introduced.

Examples

The following is a sample output of the command:

[spacesadmin @ connector ~ ]S connectorctl  cert import-connector-cert -p /home/spacesadmin/import_cert.pem
Executing command:cert
Command execution status:Success
-----------------------
/home/spacesadmin/import_cert.pem exists
Certificate Imported Successfully!
Restarting HAProxy...
HAProxy restarted successfully!

connectorctl cert show

To display the deployed certificate details, use the connectorctl cert show command.

connectorctl cert show

Syntax Description

This command has no keywords or arguments.

Command History

Release 3

This command is introduced.

Examples

The following is a sample output of the command:

[spacesadmin @ connector ~ ]S connectorctl cert show
Executing command:cert
Command execution status:Success
-----------------------
=====================================================================================
Certificate not found.
=====================================================================================
==========

connectorctl cert validate

To validate certificates, use the connectorctl cert validate command.

After validating the certificate, you can upload the certificates to the connector using the connectorctl cert updateca-bundle command.

connectorctl cert validate -c ca_certificate -s path_server_certificate

Syntax Description

Keywords and Descriptions Description

-h

Displays help related to this command.
-c ca_certificate Signed and validated CA certificate.

-s path_server_certificate

Signed and validated server certificate.

Command History

Release 3

This command is introduced.

Usage Guidelines

First, copy the certificates to connector. 
scp proxy-ca-bundle.pem spacesadmin@[connector-ip]:/home/spacesadmin/
scp proxy-server-cert.pem spacesadmin@[connector-ip]:/home/spacesadmin/

Examples

Validate the copied certificate. The following is a sample output of the command: 
[spacesadmin@connector ~]$ connectorctl cert validate -c /home/spacesadmin/proxy-ca-bundle.pem -s /home/spacesadmin/proxy-server-cert.pemExecuting command:certCommand execution status:Success-----------------------/home/spacesadmin/proxy-ca-bundle.pem and /home/spacesadmin/proxy-server-cert.pem exists/home/spacesadmin/proxy-server-cert.pem: OKValidation of certificate is successful

connectorctl cert updateca-bundle

To import a Certification Authority (CA) chain to the the connector's CA trust bundle, use the connectorctl cert updateca-bundle command.

connectorctl cert updateca-bundle -c ca_certificate_chain -s server_certificate

Syntax Description

Keywords and Variables Description
-c ca_certificate Signed and validated CA certificate.

-s server_certificate

Signed and validated server certificate.

Command History

Release 3

This command is introduced.

Usage Guidelines

First, copy the certificates to connector. 
scp proxy-ca-bundle.pem spacesadmin@[connector-ip]:/home/spacesadmin/
scp proxy-server-cert.pem spacesadmin@[connector-ip]:/home/spacesadmin/

Examples

Import the copied certificates. The following is a sample output of the command: 
[spacesadmin@connector ~]$ connectorctl cert updateca-bundle -c /home/spacesadmin/proxy-ca-bundle.pem -s /home/spacesadmin/proxy-server-cert.pem
Executing command:cert
Command execution status:Success
-----------------------
/home/spacesadmin/proxy-ca-bundle.pem and /home/spacesadmin/proxy-server-cert.pem exist
/home/spacesadmin/proxy-server-cert.pem: OK
CA trust bundle updated successfully
System reboot will happen in 10 seconds. Do not execute any other command...

connectorctl cert proxycert-validate

To validate proxy certification authority (CA) bundle, use the connectorctl cert proxycert-validate command.

To validate certificates before uploading them to connector, use the connectorctl cert proxycert-updateca-bundle command.

connectorctl cert proxycert-validate -c proxy-ca-cert-chain -s proxy_server_certificate

Syntax Description

Keywords and Descriptions Description

-h

Displays help related to this command.
-cproxy-ca-certificate-chain Signed and validated proxy CA certificate.

-s proxy-server-certificate

Signed and validated proxy server certificate.

Command History

Release 3

This command is introduced.

Usage Guidelines

First, copy the certificates to connector. 
scp proxy-ca-bundle.pem spacesadmin@[connector-ip]:/home/spacesadmin/
scp proxy-server-cert.pem spacesadmin@[connector-ip]:/home/spacesadmin/

Examples

Validate the copied certificate. The following is a sample output of the command: 
[spacesadmin@connector ~]$ connectorctl cert validate -c /home/spacesadmin/proxy-ca-bundle.pem -s /home/spacesadmin/proxy-server-cert.pem
Executing command:certCommand execution status:Success
-----------------------
/home/spacesadmin/proxy-ca-bundle.pem and /home/spacesadmin/proxy-server-cert.pem exists/home/spacesadmin/proxy-server-cert.pem: OK
Validation of certificate is successful

connectorctl cert proxycert-updateca-bundle

This command imports a proxy Certification Authority (CA) chain to the the connector's CA trust bundle.

connectorctl cert proxycert-updateca-bundle -c proxy-ca-certificate-chain -s proxy-server-certificate

Syntax Description

Keywords and Variables Description
-c proxy-ca-certificate-chain Provides the signed and validated proxy CA certificate.

-s proxy-server-certificate

Provides the signed and validated proxy server certificate.

Command History

Release 3

This command is introduced.

Usage Guidelines

First, copy the certificates to connector. 
scp proxy-ca-bundle.pem spacesadmin@[connector-ip]:/home/spacesadmin/
scp proxy-server-cert.pem spacesadmin@[connector-ip]:/home/spacesadmin/

Examples

Import the copied certificates. The following is a sample output of the command: 
[spacesadmin@connector ~]$ connectorctl cert updateca-bundle -c /home/spacesadmin/proxy-ca-bundle.pem -s /home/spacesadmin/proxy-server-cert.pem
Executing command:cert
Command execution status:Success
-----------------------
/home/spacesadmin/proxy-ca-bundle.pem and /home/spacesadmin/proxy-server-cert.pem exist
/home/spacesadmin/proxy-server-cert.pem: OK
CA trust bundle updated successfully
System reboot will happen in 10 seconds. Do not execute any other command...

connectorctl cert show-ca-cert

This command displays the deployed Certificate Authority (CA) details, use the connectorctl cert remove-ca-cert command.

connectorctl cert show ca-cert

Command History

Release 3

This command is introduced.

Examples

The following is a sample output of the command:

[spacesadmin@connector ~]$  connectorctl  cert show-ca-cert
Executing command:cert
Command execution status:Success
-----------------------
 
====================================================================
         ca-certificate.crt
====================================================================
 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:0d:df:d8:bb:c8:84:81:c5:d0:a2:7c:29:d9:68:35:d5:cd:29:75
        Issuer: CN=MyCA
        Validity
            Not Before: Apr  2 07:01:46 2024 GMT
            Not After : Apr  2 07:01:46 2025 GMT
        Subject: CN=MyCA

connectorctl cert remove-ca-cert

To delete the Certificate Authority (CA) certificate of a specified serial number, use the connectorctl cert remove-ca-cert command.

connectorctl cert remove-ca-cert -s <serial-number>

Syntax Description

Keywords and Descriptions Description

-s <serial-number>

Serial number of the certifiate to be deleted.

Command History

Release 3

This command is introduced.

Examples

The following is a sample output of the command:

[spacesadmin@connector ~]$ connectorctl  cert remove-ca-cert -s 67:0d:df:d8:bb:c8:84:81:c5:d0:a2:7c:29:d9:68:35:d5:cd:29:75
Executing command:cert
Command execution status:Success
-----------------------
 
====================================================================
Path: /etc/pki/ca-trust/source/anchors//ca-certificate.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:0d:df:d8:bb:c8:84:81:c5:d0:a2:7c:29:d9:68:35:d5:cd:29:75
        Issuer: CN=MyCA
        Validity
            Not Before: Apr  2 07:01:46 2024 GMT
            Not After : Apr  2 07:01:46 2025 GMT
        Subject: CN=MyCA
 
====================================================================
Successfuly removed the CA Certificate matching the input
 
Note: System reboot will happen in 10 seconds. Do not execute any other command...