Exporting CSR Files

The following commands are used to export the CSR file service.csr to the directory on the specified CA server for certificate signing. The name of the file exported to the remote server is mac_address.crt.

To obtain the MAC address, run ifconfig | grep ether | awk 'NR==1' | awk '{print $2}'. An example command output is 68:4a:ae:ca:ea:aa, and the character string after the colon (:) is the MAC address.

• On a host node:

  Run the following command to export the CSR file:

  /opt/haf-host/tools/haf-tool cert --server <ca_server_ip> --path <ca_server_path>--user <ca_server_user> --export --host

  After the command is executed, manually enter the password for logging in to the remote server. The CSR file generated on the remote CA server is mac_addresshost.crt, for example, 684aaecae8f2host.crt.

• On an offload node:

  Run the following command to export the CSR file:

  su -s /bin/bash - haf -c "haf-tool cert --server <ca_server_ip> --path <ca_server_path> --user <ca_server_user> --export --offload"

  After the command is executed, manually enter the password for logging in to the remote server. The CSR files generated on the remote CA server are mac_addressdaemon.crt and mac_addresshaf_user.crt, for example, 684aaecae8f2daemon.crt and 684aaecae8f2haf_user.crt.