8

Certificate Commands

Use these commands to configure certificates.

8.1 Command Summary

The following table describes the values required for many certificates commands. Other values are discussed with the corresponding commands.

Table 19 certificates Command Input Values

LABEL

DESCRIPTION

<addr[:port]>

Specifies the server address (required) and port (optional). The format is

 

"server-address[:port]".

auth-key

Specifies the certificate’s key for user authentication. If the key contains

 

spaces, put it in quotes. To leave it blank, type "".

 

 

ca-addr

The IP address or domain name of the CA (Certification Authority) server.

 

 

ca-cert

The name of the CA certificate.

 

 

key-length

The length of the key to use in creating a certificate or certificate request. Valid

 

options are 512, 768, 1024, 1536 and 2048 bits.

 

 

[login:password]

The login name and password for the directory server, if required. The format is

 

"login:password".

name, old-name,

The identifying name of a certificate or certification request. Use up to 31

new-name

characters to identify a certificate. You may use any character (not including

 

spaces).

 

<old-name> specifies the name of the certificate to be renamed.

 

<new-name> specifies the new name for the certificate.

 

 

server-name

A descriptive name for a directory server. Use up to 31 ASCII characters

 

(spaces are not permitted).

 

 

subject

A certificate’s subject name and alternative name. Both are required.

 

The format is "subject-name-dn;{ip,dns,email}=value".

 

Example 1: "CN=ZyWALL,OU=CPE SW2,O=ZyXEL,C=TW;ip=172.21.177.79"

 

Example 2: "CN=ZyWALL,O=ZyXEL,C=TW;dns=www.zyxel.com"

 

Example 3: "CN=ZyWALL,O=ZyXEL,C=TW;email=dummy@zyxel.com.tw"

 

If the name contains spaces, put it in quotes.

 

 

timeout

The verification timeout value in seconds (optional).

 

 

The following section lists the certificates commands.

 

49

DSL & IAD CLI Reference Guide