This topic provides sample commands for using ASU to manage certificates and responses received.
To view the status of a particular certificate, use the asu show command.
asu show IMM.SSL_HTTPS_SERVER_CERTThe output is:
IMM.SSL_HTTPS_SERVER_CERT=Private Key and CA-signed cert installed, Private Key stored, CSR available for download.
Get supported commands for the related certificate setting by either running the asu showvalues command or by consulting the table of supported commands in Features on Demand (FoD) configuration.
asu showvalues IMM.SSL_HTTPS_SERVER_CSRThe output is:
IMM.SSL_HTTPS_SERVER_CSR=*generate=export
You can tell from the output that the generate and export commands are supported for the setting IMM.SSL_HTTPS_SERVER_CSR.
Use the following command to generate a CSR.
asu generate IMM.SSL_HTTPS_SERVER_CSR asu.xmlThe output is:
Certificate was generated successfully!
An .xml file, like asu.xml in this command, is required in the generate command for all settings that support "generate," except SSH_SERVER_KEY. For instructions about creating this .xml file, refer to the generate command section.
A certificate sign request must be signed by an independent certificate authority to be a certificate.
asu generate IMM.SSL_HTTPS_SERVER_CERT asu.xmlThe output is:
Certificate was generated successfully!
asu export IMM.SSL_HTTPS_SERVER_CSR asu_csr.derThe output is:
Certificate was exported successfully!
The asu_csr.der file is saved in the current directory.
You can export a certificate or a certificate sign request. If a certificate sign request is signed by an independent certificate authority (CA), it is a CA-signed certificate.
After you export a certificate, you can get the certificate sign request file asu_csr.der. You must sign it by using an independent certificate authority. You can only import the CA-signed certificate, which is different than a self_signed one, into HTTPS Server Certificate Management and Lenovo Systems Director over HTTPS Certificate Management.
For settings SSL_CLIENT_TRUSTED_CERT1, SSL_CLIENT_TRUSTED_CERT2, and SSL_CLIENT_TRUSTED_CERT3, if the certificate already exists, you must delete it before importing the certificate.
asu import IMM.SSL_HTTPS_SERVER_CERT asu_cert.derThe output is:
Certificate was imported successfully!
asu deletecert IMM.SSL_CLIENT_TRUSTED_CERT1The output is:
Certificate was deleted successfully!