Filter
Top Products
Chapter 32 Certificates
ZyWALL (ZLD) CLI Reference Guide
260
32.4 Certificates Commands Summary
The following table lists the commands that you can use to display and manage the ZyWALL’s
summary list of certificates and certification requests. You can also create certificates or
certification requests. Use the
configure terminal command to enter the configuration mode to
be able to use these commands.
organization Identify the company or group to which the certificate owner belongs. You can use
up to 31 characters. You can use alphanumeric characters, the hyphen and the
underscore.
country Identify the nation where the certificate owner is located. You can use up to 31
characters. You can use alphanumeric characters, the hyphen and the underscore.
key_length Type a number to determine how many bits the key should use (512 to 2048). The
longer the key, the more secure it is. A longer key also uses more PKI storage space.
password When you have the ZyWALL enroll for a certificate immediately online, the
certification authority may want you to include a key (password) to identify your
certification request. Use up to 31 of the following characters. a-zA-Z0-
9;|`~!@#$%^&*()_+\{}':,./<>=-
ca_name When you have the ZyWALL enroll for a certificate immediately online, you must
have the certification authority’s certificate already imported as a trusted certificate.
Specify the name of the certification authority’s certificate. It can be up to 31
alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=-
characters.
url When you have the ZyWALL enroll for a certificate immediately online, enter the IP
address (or URL) of the certification authority server. You can use up to 511 of the
following characters. a-zA-Z0-9'()+,/:.=?;!*#@$_%-
Table 155 Certificates Commands Input Values (continued)
LABEL DESCRIPTION
Table 156 ca Commands Summary
COMMAND DESCRIPTION
ca enroll cmp name certificate_name cn-type {ip cn
cn_address|fqdn cn cn_domain_name|mail cn cn_email}
[ou organizational_unit] [o organization] [c country]
key-type {rsa|dsa} key-len key_length num
<0..99999999> password password ca ca_name url url;
Enrolls a certificate with a CA using Certificate
Management Protocol (CMP). The certification authority
may want you to include a reference number and key
(password) to identify your certification request.
ca enroll scep name certificate_name cn-type {ip cn
cn_address|fqdn cn cn_domain_name|mail cn cn_email}
[ou organizational_unit] [o organization] [c country]
key-type {rsa|dsa} key-len key_length password
password ca ca_name url url
Enrolls a certificate with a CA using Simple Certificate
Enrollment Protocol (SCEP). The certification authority
may want you to include a key (password) to identify your
certification request.
ca generate pkcs10 name certificate_name cn-type {ip
cn cn_address|fqdn cn cn_domain_name|mail cn
cn_email} [ou organizational_unit] [o organization]
[c country] key-type {rsa|dsa} key-len key_length
Generates a PKCS#10 certification request.
ca generate pkcs12 name name password password Generates a PKCS#12 certificate.
ca generate x509 name certificate_name cn-type {ip cn
cn_address|fqdn cn cn_domain_name|mail cn cn_email}
[ou organizational_unit] [o organization] [c country
]
key-type {rsa|dsa} key-len key_length
Generates a self-signed x509 certificate.
ca rename category {local|remote} old_name new_name Renames a local (my certificates) or remote (trusted
certificates) certificate.