P-662H/HW-D Series User’s Guide

Table 166 Certificates Commands (continued)

| COMMAND | DESCRIPTION |
| --- | --- |
| create cmp_enroll <name> <CA addr> <CA cert> <auth key> <subject> [key size] | Create a certificate request and enroll for a certificate immediately online using CMP protocol. <name> specifies a descriptive name for the enrolled certificate. <CA addr> specifies the CA server address. <CA cert> specifies the name of the CA certificate. <auth key> specifies the id and key used for user authentication. The format is "id:key". To leave the id and key blank, type ":". <subject> specifies a subject name (required) and alternative name (required). The format is "subject-name-dn;{ip,dns,email}=value". If the name contains spaces, please put it in quotes. [key size] specifies the key size. It has to be an integer from 512 to 2048. The default is 1024 bits. |
| import [name] | Import the PEM-encoded certificate from stdin. [name] specifies the descriptive name (optional) as which the imported certificate is to be saved. For my certificate importation to be successful, a certification request corresponding to the imported certificate must already exist on ZyWALL. After the importation, the certification request will automatically be deleted. If a descriptive name is not specified for the imported certificate, the certificate will adopt the descriptive name of the certification request. |
| export <name> | Export the PEM-encoded certificate to stdout for user to copy and paste. <name> specifies the name of the certificate to be exported. |
| view <name> | View the information of the specified local host certificate. <name> specifies the name of the certificate to be viewed. |
| verify <name> [timeout] | Verify the certification path of the specified local host certificate. <name> specifies the name of the certificate to be verified. [timeout] specifies the timeout value in seconds (optional). The default timeout value is 20 seconds. |
| delete <name> | Delete the specified local host certificate. <name> specifies the name of the certificate to be deleted. |
| list | List all my certificate names and basic information. |
| rename <old name> <new name> | Rename the specified my certificate. <old name> specifies the name of the certificate to be renamed. <new name> specifies the new name as which the certificate is to be saved. |
| def_self_signed [name] | Set the specified self-signed certificate as the default self-signed certificate. [name] specifies the name of the certificate to be set as the default self-signed certificate. If [name] is not specified, the name of the current self-signed certificate is displayed. |
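The argument formats given for create cmp_enroll can be checked before the line is typed at the device prompt. The following is an added example, not part of the original guide or of the device firmware: it validates the "id:key" and "subject-name-dn;{ip,dns,email}=value" formats and the 512 to 2048 key-size range, and flags key sizes under 2048 bits. Assumptions: the key is RSA, "quotes" means double quotes, only the command words shown in this table are emitted, and all function names and sample values are constructed.

```python
import ipaddress

ALT_TYPES = ("ip", "dns", "email")            # alternative-name types listed in the table
KEY_MIN, KEY_MAX, KEY_DEFAULT = 512, 2048, 1024

def parse_auth_key(text):
    """Split "id:key"; a bare ":" means both parts are blank."""
    if ":" not in text:
        raise ValueError('auth key must be "id:key" (type ":" to leave both blank)')
    ident, _, key = text.partition(":")
    return ident, key

def parse_subject(text):
    """Split "subject-name-dn;{ip,dns,email}=value"; both halves are required."""
    dn, sep, alt = text.partition(";")
    kind, eq, value = alt.partition("=")
    if not (dn and sep and eq and value):
        raise ValueError("subject needs a subject name and an alternative name")
    if kind not in ALT_TYPES:
        raise ValueError(f"alternative name type must be one of {ALT_TYPES}")
    if kind == "ip":
        ipaddress.ip_address(value)           # raises ValueError on a malformed address
    if kind == "email" and "@" not in value:
        raise ValueError("email alternative name needs an @")
    return dn, kind, value

def check_key_size(size=KEY_DEFAULT):
    """Return (size, warnings); reject anything outside the documented range."""
    if not isinstance(size, int) or not KEY_MIN <= size <= KEY_MAX:
        raise ValueError(f"key size must be an integer from {KEY_MIN} to {KEY_MAX}")
    warnings = []
    if size < 2048:                           # assumption: RSA key
        warnings.append(f"{size}-bit key is below the 2048-bit minimum in current guidance")
    return size, warnings

def quote(arg):
    """Quote arguments that contain spaces (double quotes are an assumption)."""
    return f'"{arg}"' if " " in arg else arg

def build_cmp_enroll(name, ca_addr, ca_cert, auth_key, subject, key_size=KEY_DEFAULT):
    """Validate every argument, then return (command line, warnings)."""
    parse_auth_key(auth_key)
    parse_subject(subject)
    size, warnings = check_key_size(key_size)
    args = [name, ca_addr, ca_cert, auth_key, subject]
    line = "create cmp_enroll " + " ".join(quote(a) for a in args) + f" {size}"
    return line, warnings
```

Leaving [key size] at its default yields a warning from check_key_size, since the default is 1024 bits.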

Appendix I Certificates Commands