gw-world:/> show Certificate HTTPSAdminCert
Property Value Remarks
----------------- -------------- ---------
Name: HTTPSAdminCert
Type: Local
CertificateData: (binary data)
PrivateKey: (binary data)
CRLChecks: Enforced
CRLDistPointList: <empty>
PKAType: RSA Read-only
IsCA: No Read-only
Attribute: <empty>
Comments: <empty>
Note: Certificates objects cannot be added using the CLI
The Add command is not used to create a certificate object in the CLI. Instead, certificate
files are uploaded directly using SCP and the upload creates the object directly.
Alternatively, the files can be uploaded using the Web Interface.
Certificate Object Properties
The key properties of a Certificate object are the following:
• Type
The Type property of a Certificate object can take one of the following values:
i. Local
This is the type for most certificates and means both the public key and the private key
of the certificate is stored on the firewall.
Local certificates can be signed or unsigned. They always consist of two files. A public
key file with the filetype .cer and a private key file with the filetype .key.
ii. Remote
This is the type for remote certificates which have the public key file residing locally in
NetDefendOS and the private key file present on a CA server. Often, the certificate is a
CA signed root certificate used to validate other certificates.
These certificates consist of just a single public key file with a filetype of .cer.
iii. Request
This type is not currently used by NetDefendOS.
• CRL Checks
The CRL Checks property of a Certificate object determines if the CRL for the certificate is to be
checked by NetDefendOS and what happens if the CRL cannot be retrieved to do the
checking. The possible values for this property are the following:
i. Enforced
This is the default and means that the associated CRL must be checked before the
certificate can be used for authentication. If the associated CRL cannot be retrieved,
Chapter 3: Fundamentals
269
To Next Page
Loading...
