CLI Reference

config vpn certificate hsm-local

Local certificates whose keys are stored on HSM.

config vpn certificate hsm-local
    Description: Local certificates whose keys are stored on HSM.
    edit <name>
        set api-version [unknown|gch-default]
        set certificate {user}
        set comments {string}
        set gch-cloud-service-name {string}
        set gch-cryptokey {string}
        set gch-cryptokey-algorithm [rsa-sign-pkcs1-2048-sha256|rsa-sign-pkcs1-3072-sha256|...]
        set gch-cryptokey-version {string}
        set gch-keyring {string}
        set gch-location {string}
        set gch-project {string}
        set gch-url {string}
        set range [global|vdom]
        set source [factory|user|...]
        set vendor [unknown|gch]
    next
end

config vpn certificate hsm-local

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| api-version | API version for communicating with HSM. | option | - | unknown |
| certificate | PEM format certificate. | user | Not Specified | |
| comments | Comment. | string | Maximum length: 511 | |
| gch-cloud-service-name | Cloud service config name to generate access token. | string | Maximum length: 35 | |
| gch-cryptokey | Google Cloud HSM cryptokey. | string | Maximum length: 63 | |
| gch-cryptokey-algorithm | Google Cloud HSM cryptokey algorithm. | option | - | rsa-sign-pkcs1-2048-sha256 |
| gch-cryptokey-version | Google Cloud HSM cryptokey version. | string | Maximum length: 31 | |
| gch-keyring | Google Cloud HSM keyring. | string | Maximum length: 63 | |
| gch-location | Google Cloud HSM location. | string | Maximum length: 63 | |
| gch-project | Google Cloud HSM project ID. | string | Maximum length: 31 | |
| gch-url | Google Cloud HSM key URL (e.g. "https://cloudkms.googleapis.com/v1/projects/sampleproject/locations/samplelocation/keyRings/samplekeyring/cryptoKeys/sampleKeyName/cryptoKeyVersions/1"). Read-only. | string | Maximum length: 1024 | |
| name | Name. | string | Maximum length: 35 | |
| range | Either a global or VDOM IP address range for the certificate. | option | - | vdom |
| source | Certificate source type. | option | - | user |
| vendor | HSM vendor. | option | - | unknown |

api-version options

| Option | Description |
|---|---|
| unknown | Unknown API version. |
| gch-default | Google Cloud HSM default API. |

gch-cryptokey-algorithm options

| Option | Description |
|---|---|
| rsa-sign-pkcs1-2048-sha256 | 2048 bit RSA - PKCS#1 v1.5 padding - SHA256 Digest. |
| rsa-sign-pkcs1-3072-sha256 | 3072 bit RSA - PKCS#1 v1.5 padding - SHA256 Digest. |
| rsa-sign-pkcs1-4096-sha256 | 4096 bit RSA - PKCS#1 v1.5 padding - SHA256 Digest. |
| rsa-sign-pkcs1-4096-sha512 | 4096 bit RSA - PKCS#1 v1.5 padding - SHA512 Digest. |
| rsa-sign-pss-2048-sha256 | 2048 bit RSA - PSS padding - SHA256 Digest. |
| rsa-sign-pss-3072-sha256 | 3072 bit RSA - PSS padding - SHA256 Digest. |
| rsa-sign-pss-4096-sha256 | 4096 bit RSA - PSS padding - SHA256 Digest. |
| rsa-sign-pss-4096-sha512 | 4096 bit RSA - PSS padding - SHA512 Digest. |
| ec-sign-p256-sha256 | Elliptic Curve P-256 - SHA256 Digest. |
| ec-sign-p384-sha384 | Elliptic Curve P-384 - SHA384 Digest. |
| ec-sign-secp256k1-sha256 | Elliptic Curve secp256k1 - SHA256 Digest. |

range options

| Option | Description |
|---|---|
| global | Global range. |
| vdom | VDOM IP address range. |

source options

| Option | Description |
|---|---|
| factory | Factory installed certificate. |
| user | User generated certificate. |
| bundle | Bundle file certificate. |

vendor options

| Option | Description |
|---|---|
| unknown | Unknown type of HSM. |
| gch | Google Cloud HSM. |
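
An audit of an exported hsm-local block against the option values listed above. This is an added example, not Fortinet's code: `parse_entries` and `audit` are hypothetical names and the sample entry is constructed. It assumes the read-only gch-url is composed from the gch-* fields in the layout of the example URL.

```python
import re

# Option sets copied from the parameter table on this page.
RSA = {f"rsa-sign-{pad}-{size}" for pad in ("pkcs1", "pss")
       for size in ("2048-sha256", "3072-sha256", "4096-sha256", "4096-sha512")}
OPTIONS = {"api-version": {"unknown", "gch-default"}, "vendor": {"unknown", "gch"},
           "range": {"global", "vdom"}, "source": {"factory", "user", "bundle"},
           "gch-cryptokey-algorithm": RSA | {"ec-sign-p256-sha256", "ec-sign-p384-sha384",
                                             "ec-sign-secp256k1-sha256"}}
# Assumption: gch-url is laid out like the example URL in the gch-url row.
URL_PARTS = (("projects", "gch-project"), ("locations", "gch-location"),
             ("keyRings", "gch-keyring"), ("cryptoKeys", "gch-cryptokey"),
             ("cryptoKeyVersions", "gch-cryptokey-version"))
# Constructed sample entry, not taken from a real device.
SAMPLE = """config vpn certificate hsm-local
    edit "hsm-cert-bad"
        set vendor gch
        set gch-project "sampleproject"
        set gch-cryptokey-algorithm rsa-sign-pss-2048-sha512
    next
end"""

def parse_entries(text):
    """Return {entry name: {parameter: value}} for every edit block."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r'edit "?([^"]+)"?', line):
            current = entries.setdefault(m.group(1), {})
        elif current is not None and (m := re.fullmatch(r'set (\S+) "?(.*?)"?', line)):
            current[m.group(1)] = m.group(2)
    return entries

def audit(params):
    """List deviations from the documented schema for one hsm-local entry."""
    findings = [f"{key}: '{value}' is not a documented option"
                for key, value in params.items() if key in OPTIONS and value not in OPTIONS[key]]
    for key in ("vendor", "api-version"):  # both default to 'unknown' when unset
        if params.get(key, "unknown") == "unknown":
            findings.append(f"{key}: left at 'unknown'")
    missing = [key for _, key in URL_PARTS if key not in params]
    if missing:
        findings.append("key path incomplete: " + ", ".join(missing))
    else:
        url = "https://cloudkms.googleapis.com/v1/" + "/".join(
            f"{seg}/{params[key]}" for seg, key in URL_PARTS)
        if params.get("gch-url", url) != url:
            findings.append("gch-url: does not match the gch-* fields")
    return findings
```

Calling `audit(parse_entries(SAMPLE)["hsm-cert-bad"])` reports the undocumented algorithm name, the unset api-version, and the missing key path fields.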
