Certificates
Check certificates periodically to avoid loss of function. Use CLI commands to obtain and install new certificates.
Certification Expiration
Expired certificates will result in a loss of function. Run the show certificate warn_expire command periodically to check for expired certificates. The command displays certificates that will expire within six months and certificates that have already expired. The user interface will also inform you of certificates that will expire. To see a summary of all certificates, run the command show certificate summary.
For more information, see the full list of Certificate CLI Commands.
New Certificates
To obtain a new certificate, generate a certificate signed request (CSR) and contact a third-party certificate authority (CA) such as VeriSign or Entrust. Guardium does not provide CA services and will not ship systems with different certificates than the ones that are installed by default. The certificate format must be in PEM and include BEGIN and END delimiters. The certificate can either be pasted from the console or imported through one of the standard import protocols.
- create csr alias - This command creates a certificate request with an alias.
- create csr gui - This command creates a certificate request for the tomcat.
- create csr sniffer - This command creates a certificate request for the sniffer.
- store certificate gim - This command stores GIM certificates in the keystore.
- store certificate gui - This command stores tomcat certificates in the keystore.
- store certificate keystore - This command asks for a one-word alias to uniquely identify the certificate and store it in the keystore.
- store certificate mysql - This command stores mysql client and server certificates.
- store certificate stap - This command stores S-TAP certificates.
- store certificate sniffer - This command stores sniffer certificates.
- store cert_key mysql - This command stores the certificate key of a mysql client and server.
- store cert_key sniffer - This command stores the sniffer certificate key.
Backup and Default Options
You can choose to restore certificates and certificate keys with the backup or default parameter. Use the backup parameter to restore a certificate to the last saved certificate. Use the default parameter to restore a certificate to the original certificate that Guardium supplied.
Changes in Commands
- csr is now create csr gui.
- create system csr is now create csr sniffer.
- restore keystore is now restore certificate keystore backup.
- restore system-certificate is now restore certificate sniffer default.
- show system certificate is now show certificate sniffer.
- store system certificate is now store certificate sniffer.
- store trusted certificate is now store certificate keystore.
- store certificate console is now store certificate gui.
New Commands
The following commands are available for use.
- create csr alias
- restore certificate keystore default
- restore certificate sniffer backup
- show certificate all
- show certificate gim
- show certificate gui
- show certificate keystore alias
- show certificate keystore all
- show certificate mysql client
- show certificate mysql server
- show certificate summary
- show certificate warn_expired
Deprecated Commands
The following commands have been deprecated.
- csr
- store certificate console
- store system key
- show system key
- store system certificate
- show system certificate
Full List of Commands
Use the following commands to create, restore, show, or store certificates.
- create csr gui
- create csr alias
- create csr sniffer
- restore certificate keystore default
- restore certificate keystore backup
- restore certificate sniffer backup
- restore certificate sniffer default
- show certificate all
- show certificate gim
- show certificate gui
- show certificate keystore alias
- show certificate keystore all
- show certificate mysql client
- show certificate mysql server
- show certificate sniffer
- show certificate summary
- show certificate warn_expired
- store certificate sniffer
- store certificate gui