Chapter 8 Certificates Commands

Table 24 Certificates Commands (continued)

COMMAND

DESCRIPTION

M

certificates my_cert create

Creates a certificate request and enroll for a certificate

R+B

cmp_enroll <name> <ca-address>

immediately online using CMP protocol.

 

<ca-cert><auth-key> <subject>

 

 

[key-length]

 

 

certificates my_cert create

Creates a certificate request and saves it on the ZyWALL for later

R+B

request <name> <subject> [key-

manual enrollment.

 

length]

 

 

certificates my_cert create

Creates a self-signed local host certificate.

R+B

self_signed <name> <subject>

key-length: specifies the key size. Valid options are 0, 512,

 

<key-length>[validity-period]

768, 1024, 1536 and 2048 bits. 0 applies the default value of

 

 

1024.

 

 

validity-period: specifies the validity period in years. Valid

 

 

range is 1~30. The default is 3.

 

 

 

 

certificates my_cert

Sets the specified self-signed certificate as the default self-signed

R+B

def_selfsigned [name]

certificate. If you do not specify a name, the name of the current

 

 

self-signed certificate displays.

 

certificates my_cert delete

Removes the specified local host certificate.

R+B

<name>

 

 

certificates my_cert export

Exports the PEM-encoded certificate to your CLI session window

R+B

<name>

for you to copy and paste.

 

certificates my_cert

Imports the specified certificate file from the specified remote web

R+B

http_import <url> <name>

server as the device’s own certificate. The certificate file must be

 

[proxy-url]

in one of the following formats: 1) Binary X.509, 2) PEM-encoded

 

 

X.509, 3) Binary PKCS#7, and 4) PEM-encoded PKCS#7.

 

 

A certification request corresponding to the imported certificate

 

 

must already exist. The certification request is automatically

 

 

deleted after the importation.

 

 

 

 

certificates my_cert import

Imports the PEM-encoded certificate from your CLI session. A

R+B

[name]

corresponding certification request must already exist on the

 

 

ZyWALL. The certification request is automatically deleted after

 

 

the importation. The name is optional, if you do not specify one,

 

 

the certificate adopts the name of the certification request. After

 

 

you enter the command, copy and paste the PEM-encoded

 

 

certificate into your CLI session window. With some terminal

 

 

emulation software you may need to move your mouse around to

 

 

get the transfer going.

 

 

 

 

certificates my_cert list

Displays all my certificate names and basic information.

R+B

certificates my_cert poll_req

Queries an SCEP server about a certification request that is

R+B

<name>

pending in an SCEP server's queue.

 

certificates my_cert rename

Renames the specified my certificate.

R+B

<old-name><new-name>

 

 

certificates my_cert

Creates a certificate using your device MAC address that is

R+B

replace_factory

specific to this device. The factory default certificate is a common

 

 

default certificate for all ZyWALL models.

 

certificates my_cert verify

Has the ZyWALL verify the certification path of the specified local

R+B

<name> [timeout]

host certificate.

 

certificates my_cert view

Displays information about the specified local host certificate.

R+B

<name>

 

 

certificates remote_trusted

Removes the specified trusted remote host certificate.

R+B

delete <name>

 

 

 

57

ZyWALL (ZyNOS) CLI Reference Guide