certificate
This subcommand performs actions on the currently installed TLS certificate and creates new certificates.
Syntax
(tls-<Index>)# certificate {create|current-installed}
| Command | Description |
|---|---|
| Index | Defines the table row index. |
| create | Creates a certificate signing request and a new self-signed certificate. |
| display | Displays the X.509 fields configuration for CSR and new self-signed certificates. |
| self-signed | Creates a self-signed certificate (by the device) with the current key. |
| set-extended-key-usage {add\|clear} | Defines or deletes the extended key usage X.509 field for CSR and new self-signed certificates. The add option provides the following sub-commands to define the key (string) and optionally, to define the key as critical: set-extended-key-usage add <String> [critical] |
| set-key-usage {add\|clear} | Defines or deletes the key usage X.509 field for CSR and new self-signed certificates. The add option provides the following sub-commands to define the key (string) and optionally, to define the key as critical: set-extended-key-usage add <String> [critical] |
| set-signature-algorithm {sha-256\|sha-512} | Defines the signature algorithm for CSR and new self-signed certificates. |
| set-subject {add\|clear\|copy} | Defines, deletes or copies the certificate subject name for CSR and new self-signed certificates. The add option provides the following sub-commands to define the subject: certificate create set-subject add {common-name\|country\|locality\|org-unit\|organization\|state} |
| set-subject-alternative-name {add\|clear} | Defines or deletes the Subject Alternative Name (SAN) fields, which can be a DNS, e-mail, IP address or URI. The add option provides the following sub-commands to define the SAN fields: certificate create set-subject-alternative-name add {dns\|email\|ip-addr\|uri} |
| set-subject-key-identifier {add\|clear} | Defines or deletes the subject key identifier (SKI) X.509 field for CSR and new self-signed certificates. The add option provides the following sub-commands to define the SKI: certificate create set-subject-key-identifier add {<HEX STRING>\|hash-sha1\|hash-sha1-60lsb} |
| signing-request | Creates a certificate signing request with the current key, which needs to be sent to the CA. |
| current-installed | Performs various actions on the currently installed TLS certificate. |
| display | Displays certificate information of the currently installed certificate. |
| export | Exports the currently installed certificate in PEM format. |
| import | Imports a certificate in textual PEM format. Note: The imported certificate replaces the currently installed certificate. |
| status | Displays the status of the currently installed certificate (e.g., expiration day). |
Command Mode
Privileged User
Example
This example displays the status of a currently installed TLS certificate (TLS Context 0):
```
(tls-0)# certificate current-installed status
Security context #0 - default
Certificate subject: /CN=ACL_5967925
Certificate issuer : /CN=ACL_5967925
Signature Algorithm: sha256WithRSAEncryption
Time to expiration : 7295 days
Key size: 2048 bits
Active sockets: 0
The currently-loaded private key matches this certificate.
```
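The following Python is an added example, not vendor code: it parses the status output shown above and reports conditions worth reviewing (self-signed certificate, approaching expiry, small key, weak signature hash, missing key-match confirmation). The thresholds, finding messages and function names are assumptions of this example, and treating subject equal to issuer as self-signed is a heuristic.

```python
import re

# Status output copied from the example above (TLS Context 0).
SAMPLE = """\
Security context #0 - default
Certificate subject: /CN=ACL_5967925
Certificate issuer : /CN=ACL_5967925
Signature Algorithm: sha256WithRSAEncryption
Time to expiration : 7295 days
Key size: 2048 bits
Active sockets: 0
The currently-loaded private key matches this certificate.
"""

WEAK_HASHES = ("md5", "sha1")  # assumption: hashes this example treats as weak

def parse_status(text):
    """Return the 'Name: value' lines as a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+?)\s*:\s*(.+)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    # Only the confirmation sentence on the page is known; its absence is flagged.
    fields["key matches"] = "private key matches this certificate" in text
    return fields

def audit(text, min_key_bits=2048, warn_days=30):
    """Return findings for one context; thresholds are example assumptions."""
    f = parse_status(text)
    findings = []
    subject = f.get("certificate subject")
    if subject and subject == f.get("certificate issuer"):
        findings.append("self-signed: subject equals issuer")
    days = int(f["time to expiration"].split()[0])
    if days <= warn_days:
        findings.append(f"expires in {days} days")
    bits = int(f["key size"].split()[0])
    if bits < min_key_bits:
        findings.append(f"key size {bits} bits below {min_key_bits}")
    if f["signature algorithm"].lower().startswith(WEAK_HASHES):
        findings.append("weak signature hash: " + f["signature algorithm"])
    if not f["key matches"]:
        findings.append("no private-key match confirmation in output")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or ["no findings"])
```

Run against the page's sample, the only finding is the self-signed one, which matches the identical subject and issuer in the output.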