system certificate ca-group
Use this command to group certificate authorities (CA).
CAs must belong to a group in order to be selected in a certificate verification rule.
To use this command, your administrator account’s access control profile must have either w
or rw
permission to the admingrp
area. For details, see Permissions.
Syntax
config system certificate ca-group
edit "<ca-group_name>"
config members
edit <ca_index>
set type {CA | TSL}
set publish-dn {enable | disable}
set tsl "<tsl_name>"
set name "<ca_name>"
set trust-anchor {enable | disable}
next
end
next
end
Variable | Description | Default |
Enter the name of a certificate authority (CA) group. The maximum length is 63 characters. | No default. | |
Enter the index number of a CA within its group. The valid range is 1–999,999,999,999,999,999. | No default. | |
Enter the name of a previously uploaded CA certificate. | No default. | |
Select to upload CA certificate or TSL. | CA
|
|
tsl "<tsl_name>"
|
Enter the name of a TSL. | No default. |
Enable to list only certificates related to the specified CA Group. This is beneficial when a client installs many certificates in its browser or when apps don't list client certificates. If you enable this option, also enable the option in a certificate verification rule. For details, see system certificate verify. |
enable |
|
If |
disable |
Example
This example groups two CA certificates into a CA group named caVEndors1
.
config system certificate ca-group
edit "caVendors1"
config members
edit 1
set name "CA_Cert_1"
next
edit 2
set "name CA_Cert_2"
next
end
next
end