ZyXEL Communications 70 Series User Manual
Page 767
ZyWALL 5/35/70 Series User’s Guide
767
Appendix P Certificates Commands
create
cmp_enroll
<name> <CA
addr> <CA
cert> <auth
key>
<subject>
[key size]
Create a certificate request and enroll for a
certificate immediately online using CMP
protocol. <name> specifies a descriptive name
for the enrolled certificate. <CA addr> specifies
the CA server address. <CA cert> specifies the
name of the CA certificate. <auth key> specifies
the id and key used for user authentication. The
format is "id:key". To leave the id and key blank,
type ":". <subject> specifies a subject name
(required) and alternative name (required). The
format is "subject-name-
dn;{ip,dns,email}=value". If the name contains
spaces, please put it in quotes. [key size]
specifies the key size. It has to be an integer
from 512 to 2048. The default is 1024 bits.
import
[name]
Import the PEM-encoded certificate from stdin.
[name] specifies the descriptive name (optional)
as which the imported certificate is to be saved.
For my certificate importation to be successful, a
certification request corresponding to the
imported certificate must already exist on
ZyWALL. After the importation, the certification
request will automatically be deleted. If a
descriptive name is not specified for the
imported certificate, the certificate will adopt the
descriptive name of the certification request.
export
<name>
Export the PEM-encoded certificate to stdout for
user to copy and paste. <name> specifies the
name of the certificate to be exported.
view
<name>
View the information of the specified local host
certificate. <name> specifies the name of the
certificate to be viewed.
verify
<name>
[timeout]
Verify the certification path of the specified local
host certificate. <name> specifies the name of
the certificate to be verified. [timeout] specifies
the timeout value in seconds (optional). The
default timeout value is 20 seconds.
delete
<name>
Delete the specified local host certificate.
<name> specifies the name of the certificate to
be deleted.
list
List all my certificate names and basic
information.
rename
<old name>
<new name>
Rename the specified my certificate. <old
name> specifies the name of the certificate to be
renamed. <new name> specifies the new name
as which the certificate is to be saved.
def_self_sig
ned
[name]
Set the specified self-signed certificate as the
default self-signed certificate. [name] specifies
the name of the certificate to be set as the
default self-signed certificate. If [name] is not
specified, the name of the current self-signed
certificate is displayed.
Table 273 Certificates Commands (continued)
COMMAND
DESCRIPTION