config vpn certificate setting
VPN certificate setting.
config vpn certificate setting
Description: VPN certificate setting.
set ocsp-status [enable|disable]
set ocsp-option [certificate|server]
set ssl-ocsp-source-ip {ipv4-address}
set ocsp-default-server {string}
set interface-select-method [auto|sdwan|...]
set interface {string}
set check-ca-cert [enable|disable]
set check-ca-chain [enable|disable]
set subject-match [substring|value]
set cn-match [substring|value]
set strict-crl-check [enable|disable]
set strict-ocsp-check [enable|disable]
set ssl-min-proto-version [default|SSLv3|...]
set cmp-save-extra-certs [enable|disable]
set cmp-key-usage-checking [enable|disable]
set certname-rsa1024 {string}
set certname-rsa2048 {string}
set certname-rsa4096 {string}
set certname-dsa1024 {string}
set certname-dsa2048 {string}
set certname-ecdsa256 {string}
set certname-ecdsa384 {string}
set certname-ecdsa521 {string}
set certname-ed25519 {string}
set certname-ed448 {string}
end
config vpn certificate setting
Parameter |
Description |
Type |
Size |
|||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ocsp-status |
Enable/disable receiving certificates using the OCSP. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
ocsp-option |
Specify whether the OCSP URL is from certificate or configured OCSP server. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
ssl-ocsp-source-ip |
Source IP address to use to communicate with the OCSP server. |
ipv4-address |
Not Specified |
|||||||||||||
ocsp-default-server |
Default OCSP server. |
string |
Not Specified |
|||||||||||||
interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
interface |
Specify outgoing interface to reach server. |
string |
Not Specified |
|||||||||||||
check-ca-cert |
Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted . |
option |
- |
|||||||||||||
|
|
|||||||||||||||
check-ca-chain |
Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted . |
option |
- |
|||||||||||||
|
|
|||||||||||||||
subject-match |
When searching for a matching certificate, control how to find matches in the certificate subject name. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
cn-match |
When searching for a matching certificate, control how to find matches in the cn attribute of the certificate subject name. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
strict-crl-check |
Enable/disable strict mode CRL checking. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
strict-ocsp-check |
Enable/disable strict mode OCSP checking. |
option |
- |
|||||||||||||
|
|
|||||||||||||||
ssl-min-proto-version |
Minimum supported protocol version for SSL/TLS connections . |
option |
- |
|||||||||||||
|
|
|||||||||||||||
cmp-save-extra-certs |
Enable/disable saving extra certificates in CMP mode . |
option |
- |
|||||||||||||
|
|
|||||||||||||||
cmp-key-usage-checking |
Enable/disable server certificate key usage checking in CMP mode . |
option |
- |
|||||||||||||
|
|
|||||||||||||||
certname-rsa1024 |
1024 bit RSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-rsa2048 |
2048 bit RSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-rsa4096 |
4096 bit RSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-dsa1024 |
1024 bit DSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-dsa2048 |
2048 bit DSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-ecdsa256 |
256 bit ECDSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-ecdsa384 |
384 bit ECDSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-ecdsa521 |
521 bit ECDSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-ed25519 |
253 bit EdDSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |
|||||||||||||
certname-ed448 |
456 bit EdDSA key certificate for re-signing server certificates for SSL inspection. |
string |
Not Specified |