Chapter 58 Certificates
ZyWALL Series CLI Reference Guide
Table 283 ca Commands Summary (continued)

COMMAND
    DESCRIPTION

ca rename category {local|remote} old_name new_name
    Renames a local (my certificates) or remote (trusted certificates) certificate.

ca validation remote_certificate
    Enters the sub-command mode for validation of certificates signed by the specified remote (trusted) certificates.

    Note: At the time of writing, it is not possible to validate ECDSA certificates on the Zyxel Device.

cdp {activate|deactivate}
    Turns certificate revocation on or off. When it is turned on, the Zyxel Device validates a certificate by getting a Certificate Revocation List (CRL) through HTTP or LDAP (can be configured after activating the LDAP checking option) and an online responder (can be configured after activating the OCSP checking option). You also need to configure the OCSP or LDAP server details.

ldap {activate|deactivate}
    Has the Zyxel Device check (or not check) incoming certificates that are signed by this certificate against a Certificate Revocation List (CRL) on an LDAP (Lightweight Directory Access Protocol) directory server.

ldap ip {ip|fqdn} port <1..65535> [id name password password] [deactivate]
    Sets the validation configuration for the specified remote (trusted) certificate where the directory server uses LDAP.

    ip: Type the IP address (in dotted decimal notation) or the domain name of the directory server. The domain name can use alphanumeric characters, periods and hyphens. Up to 255 characters.

    port: Specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP.

    The Zyxel Device may need to authenticate itself in order to access the CRL directory server. Type the login name (up to 31 characters) from the entity maintaining the server (usually a certification authority). You can use alphanumeric characters, the underscore and the dash.

    Type the password (up to 31 characters) from the entity maintaining the CRL directory server (usually a certification authority). You can use the following characters: a-zA-Z0-9;|`~!@#$%^&*()_+\{}':,./<>=-

ocsp {activate|deactivate}
    Has the Zyxel Device check (or not check) incoming certificates that are signed by this certificate against a directory server that uses OCSP (Online Certificate Status Protocol).
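
The limits stated for ldap ip, applied as a pre-check for automation that generates the command from stored values, so that a value containing a space or line break cannot spill into a second command. This is an added example, not part of the Zyxel guide. The function names are hypothetical, the minimum password length of 1 is an assumption, and any quoting the CLI itself needs for special characters is not covered on this page.

```python
import ipaddress
import re

# Limits below are the ones stated for "ldap ip" in the table above.
FQDN_RE = re.compile(r"[A-Za-z0-9.-]{1,255}")
LOGIN_RE = re.compile(r"[A-Za-z0-9_-]{1,31}")
PASSWORD_CHARS = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    ";|`~!@#$%^&*()_+\\{}':,./<>=-"
)


def check_ldap_ip(server, port, login=None, password=None):
    """Return a list of problems; empty means the values fit the documented limits."""
    problems = []
    if re.fullmatch(r"[0-9.]+", server):
        # Digits and periods only: treat as dotted decimal and require a valid address.
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            problems.append("server: not a valid dotted-decimal IP address")
    elif not FQDN_RE.fullmatch(server):
        problems.append("server: domain name allows letters, digits, '.', '-' (max 255)")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("port: must be an integer in 1..65535")
    if (login is None) != (password is None):
        problems.append("credentials: id and password are given together or not at all")
    if login is not None and not LOGIN_RE.fullmatch(login):
        problems.append("id: letters, digits, '_' and '-' only (max 31)")
    if password is not None:
        # Lower bound of 1 is an assumption; the guide only states "up to 31".
        if not 1 <= len(password) <= 31:
            problems.append("password: length must be 1..31")
        if not set(password) <= PASSWORD_CHARS:
            problems.append("password: contains a character outside the documented set")
    return problems


def build_ldap_ip(server, port, login=None, password=None):
    """Build the command line, refusing values that would break out of their field."""
    problems = check_ldap_ip(server, port, login, password)
    if problems:
        raise ValueError("; ".join(problems))
    line = f"ldap ip {server} port {port}"
    if login is not None:
        line += f" id {login} password {password}"
    return line
```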