Public Key Infrastructure (PKI) Commands
Page 152 7450 ESS System Management Guide
pki
Syntax pki
Context config>system>security
Description This command enables the context to configure certificate parameters.
Default none
ca-profile
Syntax ca-profile name [create]
no ca-profile name
Context config>system>security>pki
Description This command creates a new ca-profile or enters the configuration context of an existing ca-profile.
Up to 128 ca-profiles can be created in the system. Shutting down a ca-profile does not affect any
ipsec-tunnel or ipsec-gw that is currently up and running and associated with the ca-profile, but
subsequent authentication will fail while the ca-profile is shut down.
Executing a no shutdown command in this context causes the system to reload the configured cert-file
and crl-file.
A ca-profile can be applied under the ipsec-tunnel or ipsec-gw configuration.
The no form of the command removes the name parameter from the configuration. A ca-profile cannot
be removed until all of its associations (ipsec-tunnel/gw) have been removed.
Parameters name — Specifies the name of the ca-profile, a string up to 32 characters.
create — Keyword used to create a new ca-profile. The create keyword requirement can be
enabled/disabled in the environment>create context.
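The ca-profile limits and the shutdown behavior described above can be checked offline against a saved configuration. The following is an added example, not part of the original guide: the function name audit_ca_profiles and the sample text are constructed, and it assumes the configuration is saved as indented blocks closed by exit, with an enabled profile showing no shutdown.

```python
import re

MAX_PROFILES = 128  # limit stated in the ca-profile description
MAX_NAME_LEN = 32   # limit stated for the name parameter

# Constructed sample; the indented/exit layout is an assumption about the saved config.
SAMPLE_CONFIG = '''
pki
    ca-profile "corp-root" create
        cert-file "corp-root.crt"
        crl-file "corp-root.crl"
        no shutdown
    exit
    ca-profile "lab-ca" create
        cert-file "lab-ca.crt"
        shutdown
    exit
    ca-profile "partner-ca" create
        no shutdown
    exit
exit
'''

def audit_ca_profiles(config_text):
    """Return (profile_name, finding) tuples for the pki section of a config."""
    findings, profiles, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        start = re.match(r'ca-profile\s+"?([^"]+?)"?(?:\s+create)?$', line)
        if start:
            current = profiles.setdefault(start.group(1), {"up": False, "cert": None})
        elif current is not None and line == "exit":
            current = None  # simplification: no nested contexts inside a ca-profile
        elif current is not None and line == "no shutdown":
            current["up"] = True
        elif current is not None:
            cert = re.match(r'cert-file\s+"?([^"]+)"?$', line)
            if cert:
                current["cert"] = cert.group(1)
    if len(profiles) > MAX_PROFILES:
        findings.append(("*", f"{len(profiles)} ca-profiles exceed the limit of {MAX_PROFILES}"))
    for name, prof in profiles.items():
        if len(name) > MAX_NAME_LEN:
            findings.append((name, "name longer than 32 characters"))
        if prof["cert"] is None:
            findings.append((name, "no cert-file configured"))
        if not prof["up"]:
            findings.append((name, "shut down: new authentications will fail"))
    return findings
```
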
cert-file
Syntax cert-file filename
no cert-file
Context config>system>security>pki>ca-profile
Description This command specifies the name of a file in cf3:\system-pki\cert to use as the CA’s certificate for the ca-profile.
Notes: