Reference Guide
3 Configuration commands SSL commands
NN47928-107 139
ssl certificate
The SSL certificate allows a system administrator to configure an X509
certificate used by the SSL server. There are two methods to generate the
X509 certificate: either it is generated from a self signed SSL CSR or the
SSL CSR is signed by an external certificate authority and a certificate is
imported.
A single X509 certificate can be generated. When self-signed, the certificate
is derived from the current CSR record and key record. Thus, a self-signed
certificate can be generated only if an SSL key record and an SSL CSR
record exist.
Alternately, an SSL CSR can be imported using a file containing a certificate
signed by an external certificate authority (CA). The certificate must be in
PEM format with no header before the ----- BEGIN CERTIFICATE ----- text.
When a CA-signed certificate is imported, it is checked that the certificate is
in the correct PEM format. If the format is incorrect, the certificate is not
imported.
Syntax config ssl certificate <type> signed [self|null] import <pem
format>
Parameters type Enter the certificate type x509.
signed self|null Self-sign the current CSR. See ssl csr on page
140.
import pem format Enter the PEM format file from which to import
the certificate.
Example This example generates an RSA key of 768 bits. It then generates an SSL
CSR for the Sells unit of the company EiffelGroup in Paris, France and,
finally, generates a self-signed SSL certificate. See ssl csr on page 140
and
ssl key on page 142
for more information on assigning an SSL CSR and key.
> config ssl key rsa bits 768
> config ssl csr x509 country FR no state locality Paris
orgname EiffelGroup orgunit Sells commonname
www.eiffelgroup.com email contact@eiffelgroup.com
> config ssl certificate x509 signed self
Related
commands
del ssl certificate
display ssl certificate
show ssl certificate
show ssl csr
show ssl key