Reference Guide
SSL commands 3 Configuration commands
140 NN47928-107
ssl csr
The SSL Certificate Signing Request (CSR) allows a system administrator to
generate an X509 certificate, which can be self-signed by the SSL module or
signed by an external certificate authority (CA).
A single X509 CSR can be generated. Generating a CSR requires an SSL
key. To see the status of the SSL key, enter show ssl key.
Note: If the SSL CSR is deleted, new SSL connections cannot be created.
Syntax config ssl csr <certificate> country <code> state <name>
locality <name> orgname <name> orgunit <name> commonname
<domain> email <address>
Parameters type certificate Enter the certificate type x509.
country code Enter a two-letter country code. The default is
US for the United States. Go to www.iso.org for
the most recent list.
state name Enter a full name of a state or province, for
example, california.
locality name Enter a locality or city name, for example,
fremont.
orgname name Enter a company name, for example, U4EA.
orgunit name Enter the organizational unit of the company,
for example, engineering.
commonname domain Enter a domain name, for example,
www.example.com
email address Enter an email address, for example,
guest@example.com
Example This example imports an SSL CSR. SFTP must be used. The recommended
directory for the uploaded CSR file is /cf0sys/ssl. An example follows.
1. Connect the BSGX4e unit:
fred@cygnus ~ $ sftp admin@192.168.134.217
Connecting to 192.168.134.217...
The authenticity of host '192.168.134.217 (192.168.134.217)'
can't be established.
DSA key fingerprint is
9a:1f:34:52:f1:78:d7:6c:56:5b:9d:73:f0:da:1f:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.134.217' (DSA) to the list
of known hosts.
User: admin
Password:
2. Set the current directory and store the CSR file in it:
sftp> cd /cf0sys/ssl
sftp> put csr.pem