certificate
Use the following commands to configure certificate related settings.
certificate ca
Use this command to install Certificate Authority (CA) root certificates.
When a CA processes your Certificate Signing Request (CSR), it sends you the CA certificate, the signed local certificate and the Certificate Revocation List (CRL).
The process for obtaining and installing certificates is as follows:
- Use the
execute certificate local generate
command to generate a CSR. - Send the CSR to a CA. he CA sends you the CA certificate, the signed local certificate and the CRL.
- Use the
system certificate local
command to install the signed local certificate. - Use the
system certificate ca
command to install the CA certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.
Syntax
config system certificate ca
edit <ca_name>
set ca <certificate>
set comment <string>
end
Variable |
Description |
---|---|
<ca_name> |
Enter a name for the CA certificate. Character limit: 35 |
ca <certificate> |
Enter or retrieve the CA certificate in PEM format. |
comment <string> |
Optionally, enter a descriptive comment. Character limit: 127 |
To view all of the information about the certificate, use the get
command:
get system certificate ca <ca_name>
certificate crl
Use this command to configure CRLs.
Syntax
config system certificate crl
edit <name>
set crl <crl>
set comment <string>
end
Variable |
Description |
---|---|
<name> |
Enter a name for the CRL. Character limit: 35 |
crl <crl> |
Enter or retrieve the CRL in PEM format. |
comment <string> |
Optionally, enter a descriptive comment for this CRL. Character limit: 127 |
certificate local
Use this command to install local certificates. When a CA processes your CSR, it sends you the CA certificate, the signed local certificate and the CRL.
The process for obtaining and installing certificates is as follows:
- Use the
execute certificate local generate
command to generate a CSR. - Send the CSR to a CA. The CA sends you the CA certificate, the signed local certificate and the CRL.
- Use the
system certificate local
command to install the signed local certificate. - Use the
system certificate ca
command to install the CA certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.
Syntax
config system certificate local
edit <cert_name>
set comment <string>
set certificate <certificate_PEM>
set private-key <prkey>
set csr <csr_PEM>
end
Variable |
Description |
---|---|
<cert_name> |
Enter the local certificate name. Character limit: 35 |
password <passwd> |
Enter the local certificate password. Character limit: 67 |
comment <string> |
Enter any relevant information about the certificate. Character length: 127 |
certificate <certificate_PEM> |
Enter the signed local certificate in PEM format. |
You should not modify the following variables if you generated the CSR on this unit. |
|
private-key <prkey> |
The private key in PEM format. |
csr <csr_PEM> |
The CSR in PEM format. |
To view all of the information about the certificate, use the get
command:
get system certificate local [cert_name]
certificate oftp
Use this command to install OFTP certificates and keys.
Syntax
config system certificate oftp
set certificate <certificate>
set comment <string>
set custom {enable | disable}
set password <passwd>
set private-key <key>
end
Variable |
Description |
---|---|
certificate <certificate> |
PEM format certificate. |
comment <string> |
OFTP certificate comment. Character limit: 127 |
custom {enable | disable} |
Enable/disable custom certificates. |
password <passwd> |
Password for encrypted 'private-key', unset for non-encrypted. |
private-key <key> |
PEM format private key. |
certificate ssh
Use this command to install SSH certificates and keys.
The process for obtaining and installing certificates is as follows:
- Use the
execute certificate local generate
command to generate a CSR. - Send the CSR to a CA. The CA sends you the CA certificate, the signed local certificate and the CRL.
- Use the
system certificate local
command to install the signed local certificate. - Use the
system certificate ca
command to install the CA certificate. - Use the
system certificate SSH
command to install the SSH certificate. Depending on your terminal software, you can copy the certificate and paste it into the command.
Syntax
config system certificate ssh
edit <name>
set comment <comment_text>
set certificate <certificate>
set private-key <key>
end
Variable |
Description |
---|---|
<name> |
Enter the SSH certificate name. Character limit: 63 |
comment <comment_text> |
Enter any relevant information about the certificate. Character limit: 127 |
certificate <certificate> |
Enter the signed SSH certificate in PEM format. |
You should not modify the following variables if you generated the CSR on this unit. |
|
private-key <key> |
The private key in PEM format. |
To view all of the information about the certificate, use the get
command:
get system certificate ssh [cert_name]