execute vpn
vpn
This topic includes the following commands:
- execute vpn certificate ca export tftp
- execute vpn certificate ca import auto
- execute vpn certificate ca import bundle
- execute vpn certificate ca import est
- execute vpn certificate ca import tftp
- execute vpn certificate crl import auto
- execute vpn certificate ems_ca import tftp
- execute vpn certificate hsm-local export tftp
- execute vpn certificate hsm-local gch get-versions
- execute vpn certificate hsm-local gch status
- execute vpn certificate hsm-local gch verify
- execute vpn certificate hsm-local import tftp
- execute vpn certificate hsm-local primus generate ec
- execute vpn certificate hsm-local primus generate rsa
- execute vpn certificate hsm-local primus load-key
- execute vpn certificate hsm-local safenet generate rsa
- execute vpn certificate local export sftp
- execute vpn certificate local export tftp
- execute vpn certificate local generate cmp-ec
- execute vpn certificate local generate cmp-rsa
- execute vpn certificate local generate default-gui-mgmt-cert
- execute vpn certificate local generate default-ssl-ca
- execute vpn certificate local generate default-ssl-ca-untrusted
- execute vpn certificate local generate default-ssl-key-certs
- execute vpn certificate local generate default-ssl-serv-key
- execute vpn certificate local generate ec
- execute vpn certificate local generate est
- execute vpn certificate local generate rsa
- execute vpn certificate local import sftp
- execute vpn certificate local import tftp
- execute vpn certificate local verify
- execute vpn certificate remote export tftp
- execute vpn certificate remote import tftp
- execute vpn ipsec tunnel down
- execute vpn ipsec tunnel up
execute vpn certificate ca export tftp
Export CA certificate to a TFTP server.
execute vpn certificate ca export tftp <string> <string> <ip>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | CA certificate name. | string | |
| <string> | File name on the TFTP server. | string | |
| <ip> | IP address of TFTP server. | string | |
execute vpn certificate ca import auto
Import CA certificate via SCEP.
execute vpn certificate ca import auto <string> <string> <ip> <fingerprint>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | URL of the CA server. | string | |
| <string> | CA Identifier (optional). | string | |
| <ip> | Source-IP for communications to the CA server (optional). | string | |
| <fingerprint> | Fingerprint for authenticating CA certificate from server (optional). | string | |
execute vpn certificate ca import bundle
Import certificate bundle from a TFTP server.
execute vpn certificate ca import bundle <string> <ip>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | File name on the TFTP server. | string | |
| <ip> | IP address of TFTP server. | string | |
execute vpn certificate ca import est
Import CA certificate via EST.
execute vpn certificate ca import est <string> <string> <string> <string> <ip> <string> <string> <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | URL of the CA server. (e.g. https://example.com:1234). | string | |
| <string> | CA Identifier (optional). | string | |
| <string> | Verify CA server using this certificate (optional). | string | |
| <string> | Client certificate (optional). | string | |
| <ip> | Source-IP for communications to the CA server (optional). | string | |
| <string> | TLS-SRP Username (optional). | string | |
| <string> | TLS-SRP Password (optional). | string | |
| <string> | HTTP Authentication Username (optional). | string | |
| <string> | HTTP Authentication Password (optional). | string | |
execute vpn certificate ca import tftp
Import CA certificate from a TFTP server.
execute vpn certificate ca import tftp <string> <tftp server>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | File name on the TFTP server. | string | |
| <tftp server> | TFTP server IPv4, IPv6, or FQDN. | string | |
execute vpn certificate crl import auto
Update CRL.
execute vpn certificate crl import auto <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | CRL name. | string | |
execute vpn certificate ems_ca import tftp
Import Testing EMS CA certificate from a TFTP server.
execute vpn certificate ems_ca import tftp <string> <tftp server>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | File name on the TFTP server. | string | |
| <tftp server> | TFTP server IPv4, IPv6, or FQDN. | string | |
execute vpn certificate hsm-local export tftp
Export local certificate or certificate request to a TFTP server.
execute vpn certificate hsm-local export tftp <string> <string> <string> <tftp server>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
| <string> | Certificate file type ('cer'\|'csr'). | string | |
| <string> | File name on the TFTP server. | string | |
| <tftp server> | TFTP server IPv4, IPv6, or FQDN. | string | |
execute vpn certificate hsm-local gch get-versions
List available crypto-key-versions.
execute vpn certificate hsm-local gch get-versions <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | hsm-local certificate name. | string | |
| <string> | Access token or JSON Web Token to be used as bearer token in request. | string | |
execute vpn certificate hsm-local gch status
Status check for an hsm-local certificate.
execute vpn certificate hsm-local gch status <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | hsm-local certificate name. | string | |
| <string> | Access token or JSON Web Token to be used as bearer token in request. | string | |
execute vpn certificate hsm-local gch verify
Verify between hsm-local certificate and its private key.
execute vpn certificate hsm-local gch verify <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | hsm-local certificate name. | string | |
| <string> | Access token or JSON Web Token to be used as bearer token in request. | string | |
execute vpn certificate hsm-local import tftp
Import the signed certificate from a TFTP server.
execute vpn certificate hsm-local import tftp <string> <tftp server> <string> <Enter>|<passwd>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | File name on the TFTP server. | string | |
| <tftp server> | TFTP server IPv4, IPv6, or FQDN. | string | |
| <string> | Certificate file type ('cer'). | string | |
| <Enter>\|<passwd> | Password for PKCS12 file. | string | |
execute vpn certificate hsm-local primus generate ec
Generate a Primus HSM elliptic curve certificate request.
execute vpn certificate hsm-local primus generate ec <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Hardware Security Module partition name. | string | |
| <string> | Local and Hardware Security Module certificate and key name. | string | |
| <string> | Elliptic curve name: secp256r1, secp384r1 and secp521r1. | string | |
| <string> | Subject (Host IP/Domain Name/E-Mail). | string | |
| <string> | Country name (e.g. Canada) or country code (e.g. ca). | string | |
| <string> | State. | string | |
| <string> | City. | string | |
| <string> | Org. | string | |
| <string> | Unit(s); ',' as delimiter. | string | |
| <string> | Email. | string | |
| <string> | Subject alternative name (optional). | string | |
| <string> | URL of the CA server for signing via SCEP (optional). | string | |
| <string> | Challenge password for signing via SCEP (optional). | string | |
| <ip> | Source-IP for communications to the CA server (optional). | string | |
| <string> | CA identifier of the CA server for signing via SCEP (optional). | string | |
| <string> | Password for private-key (optional). | string | |
| <string> | Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional). | string | |
| <string> | Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional). | string | |
execute vpn certificate hsm-local primus generate rsa
Generate a Primus HSM RSA certificate request.
execute vpn certificate hsm-local primus generate rsa <string> <string> <number> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Hardware Security Module partition name. | string | |
| <string> | Local and Hardware Security Module certificate and key name. | string | |
| <number> | Key size: 1024, 1536, 2048, 4096. | string | |
| <string> | Subject (Host IP/Domain Name/E-Mail). | string | |
| <string> | Country name (e.g. Canada) or country code (e.g. ca). | string | |
| <string> | State. | string | |
| <string> | City. | string | |
| <string> | Org. | string | |
| <string> | Unit(s); ',' as delimiter. | string | |
| <string> | Email. | string | |
| <string> | Subject alternative name (optional). | string | |
| <string> | URL of the CA server for signing via SCEP (optional). | string | |
| <string> | Challenge password for signing via SCEP (optional). | string | |
| <ip> | Source-IP for communications to the CA server (optional). | string | |
| <string> | CA identifier of the CA server for signing via SCEP (optional). | string | |
| <string> | Password for private-key (optional). | string | |
| <string> | Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional). | string | |
| <string> | Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional). | string | |
execute vpn certificate hsm-local primus load-key
Try to load in a certificate from the Primus HSM.
execute vpn certificate hsm-local primus load-key <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local and Hardware Security Module key name. | string | |
execute vpn certificate hsm-local safenet generate rsa
Generate a SafeNet HSM RSA certificate request.
execute vpn certificate hsm-local safenet generate rsa <string> <string> <number> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | HSM slot name. | string | |
| <string> | Local certificate name. | string | |
| <number> | Key size: 1024, 1536, 2048, 4096. | string | |
| <string> | Subject (Host IP/Domain Name/E-Mail). | string | |
| <string> | Country name (e.g. Canada) or country code (e.g. ca). | string | |
| <string> | State. | string | |
| <string> | City. | string | |
| <string> | Org. | string | |
| <string> | Unit(s); ',' as delimiter. | string | |
| <string> | Email. | string | |
| <string> | Subject alternative name (optional). | string | |
| <string> | URL of the CA server for signing via SCEP (optional). | string | |
| <string> | Challenge password for signing via SCEP (optional). | string | |
| <ip> | Source-IP for communications to the CA server (optional). | string | |
| <string> | CA identifier of the CA server for signing via SCEP (optional). | string | |
| <string> | Password for private-key (optional). | string | |
| <string> | Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional). | string | |
| <string> | Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional). | string | |
execute vpn certificate local export sftp
Export local certificate or certificate request to an SFTP server.
execute vpn certificate local export sftp <string> <string> <string> <sftp server>[:sftp port] <sftp user> <sftp passwd> <Enter>|<passwd>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
| <string> | Certificate file type ('cer'\|'p12'\|'csr'). | string | |
| <string> | File name on the SFTP server. | string | |
| <sftp server>[:sftp port] | SFTP server IPv4 or IPv6 address; a port can be appended. | string | |
| <sftp user> | SFTP username. | string | |
| <sftp passwd> | SFTP password. | string | |
| <Enter>\|<passwd> | Password for PKCS12 file. | string | |
execute vpn certificate local export tftp
Export local certificate or certificate request to a TFTP server.
execute vpn certificate local export tftp <string> <string> <string> <tftp server>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
| <string> | Certificate file type ('cer'\|'p12'\|'csr'). | string | |
| <string> | File name on the TFTP server. | string | |
| <tftp server> | TFTP server IPv4, IPv6, or FQDN. | string | |
execute vpn certificate local generate cmp-ec
Generate an ECDSA certificate request over CMPv2.
execute vpn certificate local generate cmp-ec <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
| <string> | Elliptic curve name: secp256r1, secp384r1 and secp521r1. | string | |
| <string> | Server ('ADDRESS:PORT' for CMP server). | string | |
| <string> | Path (Path location inside CMP server) | string | |
| <string> | SrvCert (CMDB name of CMP server's certificate/root-CA) | string | |
| <string> | AuthCert (CMDB name of client's current certificate) | string | |
| <string> | User (Username for doing the IR with a pre-shared key) | string | |
| <string> | Password (Password for doing the IR with a pre-shared key) | string | |
| <string> | Subject (optional, e.g. "CN=User,O=Org,OU=Unit"). | string | |
| <string> | Subject alternative name (optional, e.g. "DNS:dns1.com,IP:192.168.1.99"). | string | |
| <ip> | Source-IP for communications to the CMP server (optional). | string | |
execute vpn certificate local generate cmp-rsa
Generate an RSA certificate request over CMPv2.
execute vpn certificate local generate cmp-rsa <string> <number> <string> <string> <string> <string> <string> <string> <string> <string> <ip>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
| <number> | Key size: 1024, 1536, 2048, 4096. | string | |
| <string> | Server ('ADDRESS:PORT' for CMP server, add 'https://' before address to enable ssl/tls). | string | |
| <string> | Path (Path location inside CMP server) | string | |
| <string> | SrvCert (CMDB name of CMP server's certificate/root-CA) | string | |
| <string> | AuthCert (CMDB name of client's current certificate) | string | |
| <string> | User (Username for doing the IR with a pre-shared key) | string | |
| <string> | Password (Password for doing the IR with a pre-shared key) | string | |
| <string> | Subject (optional, e.g. "CN=User,O=Org,OU=Unit"). | string | |
| <string> | Subject alternative name (optional, e.g. "DNS:dns1.com,IP:192.168.1.99"). | string | |
| <ip> | Source-IP for communications to the CMP server (optional). | string | |
execute vpn certificate local generate default-gui-mgmt-cert
Generate the default GUI mgmt admin-server certificate.
execute vpn certificate local generate default-gui-mgmt-cert
execute vpn certificate local generate default-ssl-ca
Generate the default CA certificate used by SSL Inspection.
execute vpn certificate local generate default-ssl-ca
execute vpn certificate local generate default-ssl-ca-untrusted
Generate the default untrusted CA certificate used by SSL Inspection.
execute vpn certificate local generate default-ssl-ca-untrusted
execute vpn certificate local generate default-ssl-key-certs
Generate the default RSA, DSA and ECDSA key certs for ssl resign.
execute vpn certificate local generate default-ssl-key-certs
execute vpn certificate local generate default-ssl-serv-key
Generate the default server key used by SSL Inspection.
execute vpn certificate local generate default-ssl-serv-key
execute vpn certificate local generate ec
Generate an elliptic curve certificate request.
execute vpn certificate local generate ec <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
| <string> | Elliptic curve name: secp256r1, secp384r1 and secp521r1. | string | |
| <string> | Subject (Host IP/Domain Name/E-Mail). | string | |
| <string> | Country name (e.g. Canada) or country code (e.g. ca). | string | |
| <string> | State. | string | |
| <string> | City. | string | |
| <string> | Org. | string | |
| <string> | Unit(s); ',' as delimiter. | string | |
| <string> | Email. | string | |
| <string> | Subject alternative name (optional). | string | |
| <string> | URL of the CA server for signing via SCEP (optional). | string | |
| <string> | Challenge password for signing via SCEP (optional). | string | |
| <ip> | Source-IP for communications to the CA server (optional). | string | |
| <string> | CA identifier of the CA server for signing via SCEP (optional). | string | |
| <string> | Password for private-key (optional). | string | |
| <string> | Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional). | string | |
| <string> | Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional). | string | |
execute vpn certificate local generate est
Generate a certificate via Enrollment over Secure Transport.
execute vpn certificate local generate est <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
| <string> | Cryptography algorithm: rsa-1024, rsa-1536, rsa-2048, rsa-4096, ec-secp256r1, ec-secp384r1, ec-secp521r1 | string | |
| <string> | URL of the CA server. (e.g. https://example.com:1234). | string | |
| <string> | Subject (optional, e.g. "CN=User,O=Org,OU=Unit"). | string | |
| <string> | Subject alternative name (optional, e.g. "DNS:dns1.com,IP:192.168.1.99"). | string | |
| <string> | HTTP Authentication Username (optional). | string | |
| <string> | HTTP Authentication Password (optional). | string | |
| <string> | CA Identifier (optional). | string | |
| <string> | CA Server certificate (optional). | string | |
| <string> | Password for private-key (optional). | string | |
| <string> | Client certificate (optional). | string | |
| <ip> | Source-IP for communications to the CA server (optional). | string | |
| <string> | TLS-SRP Username (optional). | string | |
| <string> | TLS-SRP Password (optional). | string | |
execute vpn certificate local generate rsa
Generate an RSA certificate request.
execute vpn certificate local generate rsa <string> <number> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
| <number> | Key size: 1024, 1536, 2048, 4096. | string | |
| <string> | Subject (Host IP/Domain Name/E-Mail). | string | |
| <string> | Country name (e.g. Canada) or country code (e.g. ca). | string | |
| <string> | State. | string | |
| <string> | City. | string | |
| <string> | Org. | string | |
| <string> | Unit(s); ',' as delimiter. | string | |
| <string> | Email. | string | |
| <string> | Subject alternative name (optional). | string | |
| <string> | URL of the CA server for signing via SCEP (optional). | string | |
| <string> | Challenge password for signing via SCEP (optional). | string | |
| <ip> | Source-IP for communications to the CA server (optional). | string | |
| <string> | CA identifier of the CA server for signing via SCEP (optional). | string | |
| <string> | Password for private-key (optional). | string | |
| <string> | Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional). | string | |
| <string> | Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional). | string | |
execute vpn certificate local import sftp
Import the signed certificate from an SFTP server.
execute vpn certificate local import sftp <string> <sftp server>[:sftp port] <user> <passwd> <string> <Enter>|<passwd>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | File name on the SFTP server. | string | |
| <sftp server>[:sftp port] | SFTP server IPv4 or IPv6 address; a port can be appended. | string | |
| <user> | SFTP username. | string | |
| <passwd> | SFTP password. | string | |
| <string> | Certificate file type ('cer'\|'p12'). | string | |
| <Enter>\|<passwd> | Password for PKCS12 file. | string | |
execute vpn certificate local import tftp
Import the signed certificate from a TFTP server.
execute vpn certificate local import tftp <string> <tftp server> <string> <Enter>|<passwd>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | File name on the TFTP server. | string | |
| <tftp server> | TFTP server IPv4, IPv6, or FQDN. | string | |
| <string> | Certificate file type ('cer'\|'p12'). | string | |
| <Enter>\|<passwd> | Password for PKCS12 file. | string | |
execute vpn certificate local verify
Verify certificate and private key files match and regenerate if mismatched.
execute vpn certificate local verify <string>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | Local certificate name. | string | |
execute vpn certificate remote export tftp
Export REMOTE certificate to a TFTP server.
execute vpn certificate remote export tftp <string> <string> <tftp server>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | REMOTE certificate name. | string | |
| <string> | File name on the TFTP server. | string | |
| <tftp server> | TFTP server IPv4, IPv6, or FQDN. | string | |
execute vpn certificate remote import tftp
Import REMOTE certificate from a TFTP server.
execute vpn certificate remote import tftp <string> <tftp server>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <string> | File name on the TFTP server. | string | |
| <tftp server> | TFTP server IPv4, IPv6, or FQDN. | string | |
execute vpn ipsec tunnel down
Shut down the specified IPsec tunnel.
execute vpn ipsec tunnel down <phase1>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <phase1> | Phase1 name. | string | |
execute vpn ipsec tunnel up
Activate the specified IPsec tunnel.
execute vpn ipsec tunnel up <phase1>
| Parameter | Description | Type | Size |
|---|---|---|---|
| <phase1> | Phase1 name. | string | |