Chapter 32 Certificates

Table 155 Certificates Commands Input Values (continued)

LABEL
    DESCRIPTION

organization
    Identify the company or group to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.

country
    Identify the nation where the certificate owner is located. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore.

key_length
    Type a number to determine how many bits the key should use (512 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI storage space.

password
    When you have the ZyWALL enroll for a certificate immediately online, the certification authority may want you to include a key (password) to identify your certification request. Use up to 31 of the following characters. a-zA-Z0-9;`~!@#$%^&*()_+\{}':,./<>=-

ca_name
    When you have the ZyWALL enroll for a certificate immediately online, you must have the certification authority’s certificate already imported as a trusted certificate. Specify the name of the certification authority’s certificate. It can be up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.

url
    When you have the ZyWALL enroll for a certificate immediately online, enter the IP address (or URL) of the certification authority server. You can use up to 511 of the following characters. a-zA-Z0-9'()+,/:.=?;!*#@$_%-

 

 

32.4 Certificates Commands Summary

The following table lists the commands that you can use to display and manage the ZyWALL’s summary list of certificates and certification requests. You can also create certificates or certification requests. Use the configure terminal command to enter the configuration mode to be able to use these commands.

Table 156 ca Commands Summary

COMMAND
    DESCRIPTION

ca enroll cmp name certificate_name cn-type {ip cn cn_address|fqdn cn cn_domain_name|mail cn cn_email} [ou organizational_unit] [o organization] [c country] key-type {rsa|dsa} key-len key_length num <0..99999999> password password ca ca_name url url;
    Enrolls a certificate with a CA using Certificate Management Protocol (CMP). The certification authority may want you to include a reference number and key (password) to identify your certification request.

ca enroll scep name certificate_name cn-type {ip cn cn_address|fqdn cn cn_domain_name|mail cn cn_email} [ou organizational_unit] [o organization] [c country] key-type {rsa|dsa} key-len key_length password password ca ca_name url url
    Enrolls a certificate with a CA using Simple Certificate Enrollment Protocol (SCEP). The certification authority may want you to include a key (password) to identify your certification request.

ca generate pkcs10 name certificate_name cn-type {ip cn cn_address|fqdn cn cn_domain_name|mail cn cn_email} [ou organizational_unit] [o organization] [c country] key-type {rsa|dsa} key-len key_length
    Generates a PKCS#10 certification request.

ca generate pkcs12 name name password password
    Generates a PKCS#12 certificate.

ca generate x509 name certificate_name cn-type {ip cn cn_address|fqdn cn cn_domain_name|mail cn cn_email} [ou organizational_unit] [o organization] [c country] key-type {rsa|dsa} key-len key_length
    Generates a self-signed x509 certificate.

ca rename category {local|remote} old_name new_name
    Renames a local (my certificates) or remote (trusted certificates) certificate.
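
Added example, not part of the ZyWALL guide: a Python pre-flight check that applies the Table 155 limits for organization, country and key_length and assembles a ca generate pkcs10 command in the argument order shown in Table 156. The function name, the printable-ASCII rule for name and cn, and the 2048-bit warning threshold are assumptions made for this example.

```python
import re

# Limits for organization, country and key_length come from Table 155.
ALNUM_31 = re.compile(r"[A-Za-z0-9_-]{1,31}")
PRINTABLE = re.compile(r"[\x21-\x7e]+")  # assumption: no spaces or control chars
CN_TYPES = ("ip", "fqdn", "mail")
KEY_TYPES = ("rsa", "dsa")
WARN_BELOW_BITS = 2048  # assumption: local policy threshold, not a device rule


def build_pkcs10(name, cn_type, cn, key_type, key_length,
                 organization=None, country=None):
    """Validate inputs and return (command, warnings); raise ValueError if invalid."""
    if cn_type not in CN_TYPES:
        raise ValueError("cn-type must be ip, fqdn or mail")
    if key_type not in KEY_TYPES:
        raise ValueError("key-type must be rsa or dsa")
    if type(key_length) is not int or not 512 <= key_length <= 2048:
        raise ValueError("key_length must be an integer from 512 to 2048")
    # Reject anything that could add extra tokens or a second CLI line.
    for label, value in (("name", name), ("cn", cn)):
        if not isinstance(value, str) or not PRINTABLE.fullmatch(value):
            raise ValueError(f"{label}: printable ASCII without spaces required")
    parts = ["ca generate pkcs10 name", name, "cn-type", cn_type, "cn", cn]
    for keyword, label, value in (("o", "organization", organization),
                                  ("c", "country", country)):
        if value is None:
            continue
        if not isinstance(value, str) or not ALNUM_31.fullmatch(value):
            raise ValueError(f"{label}: 1-31 of a-z A-Z 0-9 - _ required")
        parts += [keyword, value]
    parts += ["key-type", key_type, "key-len", str(key_length)]
    warnings = []
    if key_length < WARN_BELOW_BITS:
        warnings.append(f"key-len {key_length} is below {WARN_BELOW_BITS} bits")
    return " ".join(parts), warnings


if __name__ == "__main__":
    # Constructed sample values.
    cmd, notes = build_pkcs10("vpn-gw", "fqdn", "vpn.example.com", "rsa", 1024,
                              organization="Example-Corp", country="US")
    print(cmd)
    print(notes)
```
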

 

 

 


 

ZyWALL (ZLD) CLI Reference Guide