Chapter 32 Certificates

Table 156 ca Commands Summary (continued)

| COMMAND | DESCRIPTION |
|---|---|
| ca validation remote_certificate | Enters the sub-command mode for validation of certificates signed by the specified remote (trusted) certificate. |
| cdp {activate\|deactivate} | Turns certificate revocation checking on or off. When it is turned on, the ZyWALL validates a certificate by getting a Certificate Revocation List (CRL) through HTTP or LDAP (can be configured after activating the LDAP checking option) and by querying an online responder (can be configured after activating the OCSP checking option). You also need to configure the OCSP or LDAP server details. |
| ldap {activate\|deactivate} | Has the ZyWALL check (or not check) incoming certificates that are signed by this certificate against a Certificate Revocation List (CRL) on an LDAP (Lightweight Directory Access Protocol) directory server. |
| ldap ip {ip\|fqdn} port <1..65535> [id name password password] [deactivate] | Sets the validation configuration for the specified remote (trusted) certificate where the directory server uses LDAP. ip: the IP address (in dotted decimal notation) or the domain name of the directory server; the domain name can use alphanumeric characters, periods and hyphens, up to 255 characters. port: the LDAP server port number; you must use the same server port number that the directory server uses (389 is the default server port number for LDAP). name: the ZyWALL may need to authenticate itself in order to access the CRL directory server; type the login name (up to 31 characters) from the entity maintaining the server (usually a certification authority), using alphanumeric characters, the underscore and the dash. password: the password (up to 31 characters) from the entity maintaining the CRL directory server (usually a certification authority). You can use the following characters: |
| ocsp {activate\|deactivate} | Has the ZyWALL check (or not check) incoming certificates that are signed by this certificate against a directory server that uses OCSP (Online Certificate Status Protocol). |
| ocsp url url [id name password password] [deactivate] | Sets the validation configuration for the specified remote (trusted) certificate where the directory server uses OCSP. url: the protocol, IP address and pathname of the OCSP server. name: the ZyWALL may need to authenticate itself in order to access the OCSP server; type the login name (up to 31 characters) from the entity maintaining the server (usually a certification authority), using alphanumeric characters, the underscore and the dash. password: the password (up to 31 characters) from the entity maintaining the OCSP server (usually a certification authority). You can use the following characters: |
| no ca category {local\|remote} certificate_name | Deletes the specified local (my certificates) or remote (trusted certificates) certificate. |
| no ca validation name | Removes the validation configuration for the specified remote (trusted) certificate. |
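What the cdp and ldap settings above switch on, shown as an added Python example that is not ZyWALL code: with a constructed CA, two peer certificates and CRLs built with the cryptography library (assumed installed), a peer passes only if it chains to the trusted CA and a fresh CRL signed by that same CA does not list its serial number. The CRL transport (HTTP or LDAP) is outside the example; it instead shows the fail-closed outcomes for a certificate from another CA, a CRL with a bad signature, and a CRL past its next_update.

```python
# Constructed demo (not ZyWALL code) of the check that 'cdp activate' plus
# 'ldap activate' enable: a peer certificate passes only if the trusted CA
# signed it and a fresh, CA-signed CRL does not list its serial number.
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

NOW = datetime.now(timezone.utc)

def _cert(cn, issuer, pubkey, is_ca):
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(subject)
            .issuer_name(subject if issuer is None else issuer)
            .public_key(pubkey).serial_number(x509.random_serial_number())
            .not_valid_before(NOW - timedelta(minutes=5)).not_valid_after(NOW + timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))

def make_ca(cn):  # self-signed root: returns (private key, certificate)
    key = ec.generate_private_key(ec.SECP256R1())
    return key, _cert(cn, None, key.public_key(), True).sign(key, hashes.SHA256())

def issue(ca_key, ca_cert, cn):  # end-entity certificate signed by the CA
    key = ec.generate_private_key(ec.SECP256R1())
    return _cert(cn, ca_cert.subject, key.public_key(), False).sign(ca_key, hashes.SHA256())

def build_crl(sign_key, issuer_cert, revoked, issued_days_ago=0):
    # CRL naming issuer_cert as issuer, listing `revoked`, valid for one day after issue
    issued = NOW - timedelta(days=issued_days_ago)
    b = (x509.CertificateRevocationListBuilder().issuer_name(issuer_cert.subject)
         .last_update(issued).next_update(issued + timedelta(days=1)))
    for c in revoked:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder().serial_number(c.serial_number)
                                      .revocation_date(issued).build())
    return b.sign(sign_key, hashes.SHA256())

def check(cert, ca_cert, crl):
    """Return 'good', 'revoked', 'untrusted' or 'crl-unusable'."""
    try:  # 1. the certificate must name this CA as issuer and verify under its key
        if cert.issuer != ca_cert.subject:
            raise ValueError("issuer mismatch")
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))
    except Exception:  # ValueError above or InvalidSignature
        return "untrusted"
    # 2. fail closed: a CRL not issued and signed by this CA, or past next_update, proves nothing
    nxt = getattr(crl, "next_update_utc", None) or crl.next_update.replace(tzinfo=timezone.utc)
    if crl.issuer != ca_cert.subject or not crl.is_signature_valid(ca_cert.public_key()) or nxt < NOW:
        return "crl-unusable"
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)  # 3. the lookup itself
    return "good" if hit is None else "revoked"
```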
|
261
ZyWALL (ZLD) CLI Reference Guide