/cfg/slb/ssl/certs/cert
Server Certificate Menu
Use this menu to generate, view, or delete a server certificate. The server certificate configuration includes the attributes needed to perform SSL handshaking and enable the decryption and encryption of the traffic related to the virtual service.
Along with an SSL policy, you must associate a server certificate with an SSL-based virtual service for SSL offloading to be functional. You can associate only a single server certificate to a virtual service.
 
[Server certificate Cert1 Menu]
name - Set descriptive certificate name
generate - Create or update self-signed server certificate
intermca - Set Intermediate CA certificate chain
del - Delete server certificate
cur - Display current server certificate configuration
 
Server Certificate Menu 
Command Syntax and Usage
name
 
An optional descriptive name of the server certificate in addition to the certificate ID.
Values: up to 128 characters
Note: Characters supported: a-z, A-Z, 0-9, '-' (hyphen), and '_' (underscore)
generate
 
When you generate a certificate, you are prompted to provide the following:
Note: The certificate can be based on an existing key or request created with the same ID.
*Key type — The encryption type used for secure data transmission.
Values: rsa, ec (elliptic curve)
Note: Elliptic Curve (EC) cryptography is a public-key cryptosystem whose security derives from the difficulty of solving the elliptic curve discrete logarithm problem. It is an alternative to the older RSA system. Its primary advantage is that it requires significantly smaller keys than non-elliptic-curve equivalents, so ECC devices require less storage, less power, less memory, and less bandwidth than other systems. This allows you to implement cryptography on constrained platforms, such as wireless devices, handheld computers, smart cards, and thin clients. It is also a significant benefit in situations where efficiency is important.
For example, the current key-size recommendation for legacy public-key schemes is 2048 bits. A vastly smaller 224-bit ECC key offers the same level of security. This advantage only increases with the security level: for example, a 3072-bit legacy key and a 256-bit ECC key are equivalent, something that will be important as stronger security systems become mandated and devices get smaller.
*Key size — Larger key sizes offer an increased level of security. Using a certificate of a larger size makes it very difficult to forge a digital signature or decode an encrypted message.
Values (for rsa key type): 512, 1024, 2048, 4096
Default:
Values (for ec key type): 192, 224, 256, 384, 521, curve
Default: 256
If you selected curve, enter a user-defined curve “short” name. Default: prime256v1
*Hash algorithm — The hash algorithm to sign the certificate.
Values: md5, sha1, sha256, sha384, sha512
Default: sha256
*Common name — The domain name of the organization. Mandatory.
Example: www.company.com
*Subject Alternative Name (SAN) — The Subject Alternative Name (SAN) associated with the certificate.
The SAN field allows you to define multiple domain/sub-domain names that are secured by the same certificate. It is required, for example, when you want to bind a single certificate to multiple services.
The additional names must be entered in the following format: DNS:domain1.com, DNS:www.domain2.com, DNS:finance.uk.domain2.com, ….
*Use certificate default values:
y — Use the default values you defined in the Certificate Repository menu.
n — You are prompted to provide these values.
*Validation period — Duration (in days) that the certificate remains valid.
Values: 1-3650 days (10 years)
Default: 365 (1 year)
If this is a new server certificate with no associated Certificate Signing Request (CSR) and/or key, after generating the server certificate, a CSR and/or key is also created.
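The following pre-flight check for the answers to the generate prompts is an added example, not part of the product or of this guide. It uses the value lists given above; the function names, the weak-value warnings, and the host-name pattern are assumptions made for illustration.

```python
import re

# Value lists from the generate prompts on this page; WEAK_HASHES is an assumption.
RSA_SIZES = {512, 1024, 2048, 4096}
EC_SIZES = {192, 224, 256, 384, 521}
HASHES = {"md5", "sha1", "sha256", "sha384", "sha512"}
WEAK_HASHES = {"md5", "sha1"}
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")
# Assumption: SAN hosts are dot-separated letter/digit/hyphen labels, optional "*." prefix.
HOST_RE = re.compile(r"(\*\.)?([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")

def parse_san(san):
    """Split 'DNS:a.com, DNS:b.com' into host names; raise ValueError on a bad entry."""
    hosts = []
    for entry in (e.strip() for e in san.split(",")):
        kind, _, host = entry.partition(":")
        if kind != "DNS" or not HOST_RE.fullmatch(host):
            raise ValueError(f"bad SAN entry: {entry!r}")
        hosts.append(host.lower())
    return hosts

def check_generate(name, key_type, key_size, hash_alg, common_name, san="", days=365):
    """Return (errors, warnings) for one set of answers to the generate prompts."""
    errors, warnings = [], []
    if name and not NAME_RE.fullmatch(name):
        errors.append("name: only a-z, A-Z, 0-9, '-' and '_', up to 128 characters")
    sizes = {"rsa": RSA_SIZES, "ec": EC_SIZES}.get(key_type)
    if sizes is None:
        errors.append("key type: must be rsa or ec")
    elif key_type == "ec" and key_size == "curve":
        warnings.append("key size: user-defined curve, strength not checked here")
    elif key_size not in sizes:
        errors.append(f"key size: {key_size} is not offered for {key_type}")
    elif (key_type == "rsa" and key_size < 2048) or (key_type == "ec" and key_size < 224):
        warnings.append(f"key size: {key_type} {key_size} is below the 2048-bit RSA / 224-bit EC level")
    if hash_alg not in HASHES:
        errors.append("hash: not an offered algorithm")
    elif hash_alg in WEAK_HASHES:
        warnings.append(f"hash: {hash_alg} is collision-prone; use sha256 or stronger")
    if not common_name:
        errors.append("common name: mandatory")
    if not 1 <= days <= 3650:
        errors.append("validation period: 1-3650 days")
    try:
        if san and common_name.lower() not in parse_san(san):
            warnings.append("SAN: common name missing from SAN list; clients that match on SAN only will reject it")
    except ValueError as exc:
        errors.append(str(exc))
    return errors, warnings
```

Errors are answers the prompts would not accept as documented; warnings are accepted values that a reviewer should question before the certificate is bound to a virtual service.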
intermca
 
Specifies the Intermediate CA certificate or certificate chain (group) to be sent to the client together with the server certificate to construct the trust chain to the user’s trusted CAs.
Values:
*Certificate — You will be prompted to select a certificate of type Intermediate CA from the Certificate Repository.
*Group — You will be prompted to select a certificate group of type Intermediate CA from the Certificate Repository.
*None — Do not use an intermediate CA.
del
 
Deletes this certificate.
cur
 
Displays the current server certificate settings and the certificate’s serial number.