import command

Use the import command to import a certificate into the Remote Supervisor Adapter, Remote Supervisor Adapter II, or IMM.

Syntax

The import command is targeted to a Remote Supervisor Adapter, Remote Supervisor Adapter II or IMM. Use the command to import a certificate into the Remote Supervisor Adapteror Remote Supervisor Adapter II command or IMM. Out-of-band mode of the command is supported for IMM only. The import command requires a binary certificate file that is in the same directory from which the ASU is running.

You are only allowed to import the CA-signed certificate (it differs from self-signed) into the HTTPS Server Certificate Management and Lenovo Systems Director over HTTPS Certificate Management section.

For the section SSL Client Certificate Management, the first two settings SSL_LDAP_CLIENT_CERT and SSL_LDAP_CLIENT_CSR,

also only permit CA-signed certificates to be imported. But for the other three settings shown below, both self-signed and CA-signed certificates can be imported:
  • SSL_CLIENT_TRUSTED_CERT1
  • SSL_CLIENT_TRUSTED_CERT2
  • SSL_CLIENT_TRUSTED_CERT3

The certificate to be imported should be in the .der format. If you want to set up your own independent certificate authority and sign your certificate sign request file, see Managing certificates for IMM-based systems to set up a certificate authority and sign a certificate sign request.

Note: See Supported commands for IMM-based certificate management to learn more about supported commands of settings for IMM-based servers. For the following settings, if the certificate already exists, you must delete it before you import the certificate:
SSL_CLIENT_TRUSTED_CERT1
SSL_CLIENT_TRUSTED_CERT2
SSL_CLIENT_TRUSTED_CERT3
The syntax of the import command is
asu import setting certificate_binary_file [-nx] [connect_options]
where

setting is the name of an ASU setting and certificate_binary_file is the name of a file that is generated with the valid certificate information.

Notes

  1. If the optional -nx parameter is specified, the ASU performs the operation for node x, where x is the selected node in a multi-node system. It is represented by a number from 1 through 8. If the -nx parameter is not specified, the operation is performed on the primary node (node 1).
  2. The connect options are defined for IMM-based servers only. The --host ip_address, --user user_id, and --password password connect options are all required if you connect remotely to the IMM. The default user and password will not support an out-of-band connection now. The --mtsn, --net, --user, and --password options can be used to connect to IMM-based servers if the server running ASU and the target IMM-based servers are in one LAN. The --user user_id and --password password connect options are not required if you are using the local KCS interface.

Output

The output of the import command is a message that indicates that the Remote Supervisor Adapter, Remote Supervisor Adapter II, or IMM has completed the command successfully.

You can import the signed certificate in .der format only. See Managing certificates for IMM-based systems to set up a certificate authority and sign a certificate sign request to learn about how to set up your own CA.

The import command and corresponding output are shown in the following examples.

Command line:
asu import RSA_Import_Trusted_Certificate_1 asu.cert
Output:
Certificate was imported successfully!
Command line:
 asu import IMM.SSL_HTTPS_SERVER_CERT asu.cert
Output:
Certificate was imported successfully!