Last active
February 16, 2018 05:54
-
-
Save danielewood/059e6ed7990435da5a90c43002da331e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NTPCLST02::> set -privilege advanced | |
Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel. | |
Do you want to continue? {y|n}: yes | |
NTPCLST02::*> security certificate show -vserver NTPCLST02 | |
Vserver Serial Number Common Name Type | |
---------- --------------- -------------------------------------- ------------ | |
NTPCLST02 FA6CD2ACD7AFF4AEA8F9994E0F22BB1E942A | |
ntpclst02.ttl.one server | |
Certificate Authority: Fake LE Intermediate X1 | |
Expiration Date: Wed May 16 11:35:55 2018 | |
NTPCLST02 FA6CD2ACD7AFF4AEA8F9994E0F22BB1E942A | |
ntpclst02.ttl.one server-chain | |
Certificate Authority: Fake LE Intermediate X1 | |
Expiration Date: - | |
2 entries were displayed. | |
NTPCLST02::*> security ssl show -vserver NTPCLST02 | |
Vserver: NTPCLST02 | |
Server Certificate Issuing CA: Fake LE Intermediate X1 | |
Server Certificate Serial Number: FA6CD2ACD7AFF4AEA8F9994E0F22BB1E942A | |
Server Certificate Common Name: ntpclst02.ttl.one | |
SSL Server Authentication Enabled: true | |
SSL Client Authentication Enabled: false | |
Online Certificate Status Protocol Validation Enabled: false | |
URI of the Default Responder for OCSP Validation: | |
Force the Use of the Default Responder URI for OCSP Validation: false | |
Timeout for OCSP Queries: 10s | |
Maximum Allowable Age for OCSP Responses (secs): unlimited | |
Maximum Allowable Time Skew for OCSP Response Validation: 5m | |
Use a NONCE within OCSP Queries: true | |
NTPCLST02::*> security certificate delete -vserver NTPCLST02 * | |
Warning: Deleting the server certificate disables the SSL server authentication as well as client authentication. To enable server authentication, run "security ssl modify | |
-server-enabled true -vserver NTPCLST02 -common-name <common name> -serial <serial number> -ca <CA>". To enable client authentication, run "security ssl modify -vserver | |
NTPCLST02 -client-enabled true". Use the "security ssl show -vserver NTPCLST02 -instance" command to view the SSL configuration status for server and client | |
authentication. | |
Warning: Deleting a server certificate will also delete the corresponding server-chain certificate, if one exists. | |
Do you want to continue? {y|n}: yes | |
1 entry was deleted. | |
NTPCLST02::*> security certificate show -vserver NTPCLST02 | |
There are no entries matching your query. | |
NTPCLST02::*> security ssl show -vserver NTPCLST02 | |
Vserver: NTPCLST02 | |
Server Certificate Issuing CA: - | |
Server Certificate Serial Number: - | |
Server Certificate Common Name: - | |
SSL Server Authentication Enabled: false | |
SSL Client Authentication Enabled: false | |
Online Certificate Status Protocol Validation Enabled: false | |
URI of the Default Responder for OCSP Validation: | |
Force the Use of the Default Responder URI for OCSP Validation: false | |
Timeout for OCSP Queries: 10s | |
Maximum Allowable Age for OCSP Responses (secs): unlimited | |
Maximum Allowable Time Skew for OCSP Response Validation: 5m | |
Use a NONCE within OCSP Queries: true | |
NTPCLST02::*> | |
NTPCLST02::*> security certificate install -type server | |
Please enter Certificate: Press <Enter> when done | |
# Certificate | |
# cat /root/.acme.sh/ntpclst02.ttl.one/ntpclst02.ttl.one.cer | |
-----BEGIN CERTIFICATE----- | |
MIIE9jCCA96gAwIBAgITAPps0qzXr/SuqPmZTg8iux6UKjANBgkqhkiG9w0BAQsF | |
ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xODAyMTUx | |
ODM1NTVaFw0xODA1MTYxODM1NTVaMBwxGjAYBgNVBAMTEW50cGNsc3QwMi50dGwu | |
b25lMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYkRRH1fxuELYiW+ | |
dXFNnXuVu81j4zZAVIf//dM7o05s3Uo1im8Ya6lnNGcBB1mCqe/BZSPO02p3fM0v | |
B+yms5tKJBIkV0eJhzQ7seAaA05f/JrvuTyVQSBOc58TuaK/mLM9a5oi0ps3clKw | |
nZz5k3720kR6NaZis9wmvdR6ILCrjIU9jQR3o9KEs7Cko9EPohuRJ4uKylHUao9a | |
++3kot5XK0gM7nJjQLcMtXU+xJtKwdkHyJ3E4mOgbgw3v5ig1KMgch6WRNJYeGgq | |
9sj0fXvuD04AA23QMaHDHKZasNjlXf+J480wPxuEbA9zGLJAxrOBUt08Ugk1BGjZ | |
MSYwFwIDAQABo4ICKTCCAiUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG | |
AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSxDNVcB7MK | |
jzG4H69q2TpeZx6j3TAfBgNVHSMEGDAWgBTAzANGuVggzFxycPPhLssgpvVoOjB3 | |
BggrBgEFBQcBAQRrMGkwMgYIKwYBBQUHMAGGJmh0dHA6Ly9vY3NwLnN0Zy1pbnQt | |
eDEubGV0c2VuY3J5cHQub3JnMDMGCCsGAQUFBzAChidodHRwOi8vY2VydC5zdGct | |
aW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wLAYDVR0RBCUwI4IObmV0YXBwLnR0bC5v | |
bmWCEW50cGNsc3QwMi50dGwub25lMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHm | |
BgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j | |
cnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkg | |
b25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkg | |
aW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQg | |
YXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcN | |
AQELBQADggEBADgDFhMp7frB4M6jYPfJzbypB56vsvRfgIqlO8DxHEdz5l5GEIdT | |
N5uFS0/k2mXJVsk+FRNZGY4mXJE82wbzC/VSOI48MiupRLU3bIvWE+AjPgdM2fjf | |
bTzqyfYhb6FwBEDNIAmEhzkyK+aWSCpZvzZo12tmA1FM4x+KrOhFW8hgHGQ7n9tG | |
YUtRYUsCswO90pTt9lFd3pGZZCjue4BL62VNHvXJq3Lp6uvmC2HpqaIO+o5AdJX5 | |
7n+iTkNeUG+i3eVUQu29ju72EK+yBYHFZ5raKtf0JfLGXfBiThP84mBWuSYw56p4 | |
JHSQBKh/mPLUPU0kBuOafrLUrMErda9urHk= | |
-----END CERTIFICATE----- | |
Please enter Private Key: Press <Enter> when done | |
yes | |
# Private Key | |
# cat /root/.acme.sh/ntpclst02.ttl.one/ntpclst02.ttl.one.key | |
-----BEGIN RSA PRIVATE KEY----- | |
MIIEpAIBAAKCAQEAnYkRRH1fxuELYiW+dXFNnXuVu81j4zZAVIf//dM7o05s3Uo1 | |
im8Ya6lnNGcBB1mCqe/BZSPO02p3fM0vB+yms5tKJBIkV0eJhzQ7seAaA05f/Jrv | |
uTyVQSBOc58TuaK/mLM9a5oi0ps3clKwnZz5k3720kR6NaZis9wmvdR6ILCrjIU9 | |
jQR3o9KEs7Cko9EPohuRJ4uKylHUao9a++3kot5XK0gM7nJjQLcMtXU+xJtKwdkH | |
yJ3E4mOgbgw3v5ig1KMgch6WRNJYeGgq9sj0fXvuD04AA23QMaHDHKZasNjlXf+J | |
480wPxuEbA9zGLJAxrOBUt08Ugk1BGjZMSYwFwIDAQABAoIBAQCGc7u3FsItvVi3 | |
1bruBVvW8ulitfNwspbJDqHfgu89e+vSGkoD8rmG+bhJszffi/fHDgejSKJ3MkD0 | |
1TI0sze7xufKTWmSzE2GhYAFWl0ZQUUPFTVQhXJleSs75yMwpsSbkS70rULXOP5j | |
pkty2czwo8YIw8UCERXgqB6wma36Qze/jz9/hK0F0wEyGxkJ6h9dwU68bNYImKr/ | |
2DpGyflnpO3h2S2YRBkqrf0XOunwvcvhGx6OYbIu/c/s++1vSL3NZZFoN2urPgGv | |
21N0noio7UsPm+N6MbcmxTjkowxhUdwc6IpkC9xqtz0HHalGoSl4lb0zDlhbN9Bi | |
CK4GRu1hAoGBANBdlMdgzqTxxFgWNgJ84twVSRBRvsWzPVknrISUIRnM+aYRQW+/ | |
T8cD18Zzv7fhNtCZOZBnQXuFm8PiuLs2tL538p9bBQR3itFUnclCTkUzgkGxBRtY | |
Vmd9Q6jrlbx54e+q+sgE1hDKv+XvZojjkt/U3itaFV619a/mYHqBUxOZAoGBAMGM | |
sg5uUSvw998PdXmDsC33iErbeiNIpM8R2Cnv3iWRdYqPrpOoYGsWmsm0467yOPxB | |
XFNtVRInVSTRWihVfdyj8b9tc5r2Leu/hqqIGje+rOIo/zzvwbJ/wC9mu6Y0Q2Uy | |
QqqnlalxbigJg1Gt0g6w8AdiVV/i6Ahoo6I8gK8vAoGAQDq4pAUZbgsAxU6Dc5zf | |
qYv+K8OnFPY9kQAD1BJ9aaCfzCtBiprkkqqClzATBzGrXf39mp/ZtaPn8igvXbZt | |
XNFIvwqlr0zSQ9jbkrCXxAkuu+U/d8BxUhFxC98jFyhTFzgTehjTi/WT1eNILiZI | |
nirWGXL5Z2qbw482akz3OPECgYA5DfeDB4QIFv2KlK0FiAtMUZassmwbsJNcsx7s | |
pdfvbSSgFuDYiB78EmrIoPkpHiAsRDwqH6WfN1cDBm+0ShdTDkT6MBKPEJjS0N+q | |
r3pDCoM+G+W5mdeYfc4yau9P/EINt7YtRj949oYJaVx7nGi6ifAHzTXrkSDjMa1i | |
6sDoYwKBgQCWM60P36yexVZGufSoJS3G7FGcn9SqSD7ilPbhSRapfGrEBCurVTfp | |
QdhF1auisg8vdj2pmEyknC6EgF3OG8d3n8/GvxtKRI1VCVBu4Pawex0puJbLQ5FU | |
guL1PFSRmDFGo0/Tuua47nXJ+AiVBbFSOjVYmPUUJGB51eBVw3z3ig== | |
-----END RSA PRIVATE KEY----- | |
Please enter certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of the server | |
certificate and can range up to the root CA certificate. | |
Do you want to continue entering root and/or intermediate certificates {y|n}: yes | |
Please enter Intermediate Certificate: Press <Enter> when done | |
# Intermediate CA Certificate | |
# cat /root/.acme.sh/ntpclst02.ttl.one/ca.cer | |
-----BEGIN CERTIFICATE----- | |
MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw | |
GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2 | |
MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw | |
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0 | |
8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym | |
oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0 | |
ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN | |
xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56 | |
dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9 | |
AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw | |
HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0 | |
BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu | |
b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu | |
Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq | |
hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF | |
UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9 | |
AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp | |
DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7 | |
IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf | |
zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI | |
PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w | |
SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em | |
2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0 | |
WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt | |
n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= | |
-----END CERTIFICATE----- | |
Do you want to continue entering root and/or intermediate certificates {y|n}: yes | |
Please enter Intermediate Certificate: Press <Enter> when done | |
# Root CA Certificate | |
# For Fake LE RootCA: | |
# openssl x509 -in /root/.acme.sh/ntpclst02.ttl.one/ca.cer -noout -text | grep 'CA Issuers - URI:' | awk -F'URI:' '{print $2}' | xargs -i curl -L {} | openssl x509 -inform der | |
# For Production LE RootCA: | |
# openssl x509 -in /root/.acme.sh/ntpclst02.ttl.one/ca.cer -noout -text | grep 'CA Issuers - URI:' | awk -F'URI:' '{print $2}' | xargs -i curl -L {} | openssl pkcs7 -inform der -print_certs | |
-----BEGIN CERTIFICATE----- | |
MIIFATCCAumgAwIBAgIRAKc9ZKBASymy5TLOEp57N98wDQYJKoZIhvcNAQELBQAw | |
GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDMyMzIyNTM0NloXDTM2 | |
MDMyMzIyNTM0NlowGjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMIICIjANBgkq | |
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA+pYHvQw5iU3v2b3iNuYNKYgsWD6KU7aJ | |
diddtZQxSWYzUI3U0I1UsRPTxnhTifs/M9NW4ZlV13ZfB7APwC8oqKOIiwo7IwlP | |
xg0VKgyz+kT8RJfYr66PPIYP0fpTeu42LpMJ+CKo9sbpgVNDZN2z/qiXrRNX/VtG | |
TkPV7a44fZ5bHHVruAxvDnylpQxJobtCBWlJSsbIRGFHMc2z88eUz9NmIOWUKGGj | |
EmP76x8OfRHpIpuxRSCjn0+i9+hR2siIOpcMOGd+40uVJxbRRP5ZXnUFa2fF5FWd | |
O0u0RPI8HON0ovhrwPJY+4eWKkQzyC611oLPYGQ4EbifRsTsCxUZqyUuStGyp8oa | |
aoSKfF6X0+KzGgwwnrjRTUpIl19A92KR0Noo6h622OX+4sZiO/JQdkuX5w/HupK0 | |
A0M0WSMCvU6GOhjGotmh2VTEJwHHY4+TUk0iQYRtv1crONklyZoAQPD76hCrC8Cr | |
IbgsZLfTMC8TWUoMbyUDgvgYkHKMoPm0VGVVuwpRKJxv7+2wXO+pivrrUl2Q9fPe | |
Kk055nJLMV9yPUdig8othUKrRfSxli946AEV1eEOhxddfEwBE3Lt2xn0hhiIedbb | |
Ftf/5kEWFZkXyUmMJK8Ra76Kus2ABueUVEcZ48hrRr1Hf1N9n59VbTUaXgeiZA50 | |
qXf2bymE6F8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB | |
Af8wHQYDVR0OBBYEFMEmdKSKRKDm+iAo2FwjmkWIGHngMA0GCSqGSIb3DQEBCwUA | |
A4ICAQBCPw74M9X/Xx04K1VAES3ypgQYH5bf9FXVDrwhRFSVckria/7dMzoF5wln | |
uq9NGsjkkkDg17AohcQdr8alH4LvPdxpKr3BjpvEcmbqF8xH+MbbeUEnmbSfLI8H | |
sefuhXF9AF/9iYvpVNC8FmJ0OhiVv13VgMQw0CRKkbtjZBf8xaEhq/YqxWVsgOjm | |
dm5CAQ2X0aX7502x8wYRgMnZhA5goC1zVWBVAi8yhhmlhhoDUfg17cXkmaJC5pDd | |
oenZ9NVhW8eDb03MFCrWNvIh89DDeCGWuWfDltDq0n3owyL0IeSn7RfpSclpxVmV | |
/53jkYjwIgxIG7Gsv0LKMbsf6QdBcTjhvfZyMIpBRkTe3zuHd2feKzY9lEkbRvRQ | |
zbh4Ps5YBnG6CKJPTbe2hfi3nhnw/MyEmF3zb0hzvLWNrR9XW3ibb2oL3424XOwc | |
VjrTSCLzO9Rv6s5wi03qoWvKAQQAElqTYRHhynJ3w6wuvKYF5zcZF3MDnrVGLbh1 | |
Q9ePRFBCiXOQ6wPLoUhrrbZ8LpFUFYDXHMtYM7P9sc9IAWoONXREJaO08zgFtMp4 | |
8iyIYUyQAbsvx8oD2M8kRvrIRSrRJSl6L957b4AFiLIQ/GgV2curs0jje7Edx34c | |
idWw1VrejtwclobqNMVtG3EiPUIpJGpbMcJgbiLSmKkrvQtGng== | |
-----END CERTIFICATE----- | |
Do you want to continue entering root and/or intermediate certificates {y|n}: no | |
You should keep a copy of the private key and the CA-signed digital certificate for future reference. | |
NTPCLST02::*> security ssl modify -vserver NTPCLST02 -server-enabled true -ca "Fake LE Intermediate X1" -serial FA6CD2ACD7AFF4AEA8F9994E0F22BB1E942A | |
NTPCLST02::*> security ssl show -vserver NTPCLST02 | |
Vserver: NTPCLST02 | |
Server Certificate Issuing CA: Fake LE Intermediate X1 | |
Server Certificate Serial Number: FA6CD2ACD7AFF4AEA8F9994E0F22BB1E942A | |
Server Certificate Common Name: ntpclst02.ttl.one | |
SSL Server Authentication Enabled: true | |
SSL Client Authentication Enabled: false | |
Online Certificate Status Protocol Validation Enabled: false | |
URI of the Default Responder for OCSP Validation: | |
Force the Use of the Default Responder URI for OCSP Validation: false | |
Timeout for OCSP Queries: 10s | |
Maximum Allowable Age for OCSP Responses (secs): unlimited | |
Maximum Allowable Time Skew for OCSP Response Validation: 5m | |
Use a NONCE within OCSP Queries: true | |
NTPCLST02::*> security certificate show -vserver NTPCLST02 | |
Vserver Serial Number Common Name Type | |
---------- --------------- -------------------------------------- ------------ | |
NTPCLST02 FA6CD2ACD7AFF4AEA8F9994E0F22BB1E942A | |
ntpclst02.ttl.one server | |
Certificate Authority: Fake LE Intermediate X1 | |
Expiration Date: Wed May 16 11:35:55 2018 | |
NTPCLST02 FA6CD2ACD7AFF4AEA8F9994E0F22BB1E942A | |
ntpclst02.ttl.one server-chain | |
Certificate Authority: Fake LE Intermediate X1 | |
Expiration Date: - | |
2 entries were displayed. | |
NTPCLST02::*> set -privilege admin |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment