文档
我要评分
获取效率
正确性
完整性
易理解
提交关闭

Exporting CSR Files

The following commands are used to export the CSR file service.csr to the directory on the specified CA server for certificate signing. The name of the file exported to the remote server is mac_address.crt.

To obtain the MAC address, run ifconfig | grep ether | awk 'NR==1' | awk '{print $2}'. An example command output is 68:4x:xx:xx:xx:aa, and the character string after the colons (:) are deleted is the MAC address.

Go to the installation directory and run the following command to export the CSR file:

./tools/haf-tool cert --server <ca_server_ip> --path <ca_server_path> --user <ca_server_user> --export

After the command is executed, manually enter the password for logging in to the remote server. The CSR files generated on the remote CA server are mac_addresshost.csr and mac_addresstarget.csr, for example, 684xxxxxxxf2host.csr.

Table 1 Parameter description

Option

Description

Mandatory

--server <ca_server_ip>

CA server IP address

Yes

--path <ca_server_path>

Path for the CA server to issue certificates

Yes

--user <ca_server_user>

User name for logging in to the CA server

Yes

--export

Keywords for exporting the CSR file

Yes

csr_export.sh is the internal script for exporting a CSR file. It is stored in haf-tool/scripts of the installation directory and is invoked by haf_tool. The internal invoking commands are as follows:

cd tools/scripts

./csr_export.sh -i <ip_addr> -p <remote_path> -u <user_name> -t <cert_path>

After the command is executed, manually enter the password for logging in to the remote server.

Table 2 Parameter description

Option

Description

Mandatory

-i <ip_addr>

IP address of the server where the CA node is located. It is entered by the user and transferred by haf_tool.

Yes

-p <remote_path>

Path for storing the CA node certificate. It is entered by the user and transferred by haf_tool.

Yes

-u <user_name>

User name of the server where the CA node is located. It is entered by the user and transferred by haf_tool.

Yes

-t <cert_path>

Path for storing the CSR file. haf-tool uses the cert_path parameter in the configuration file to invoke this path.

Yes

csr_export.sh is an internal tool of the software. You are not advised to invoke it independently.

Parent topic: Service Management