```
[Server certificate Cert1 Menu]
     name     - Set descriptive certificate name
     generate - Create or update self-signed server certificate
     intermca - Set Intermediate CA certificate chain
     del      - Delete server certificate
     cur      - Display current server certificate configuration
```
Command Syntax and Usage

**name**

An optional descriptive name for the server certificate, in addition to the certificate ID.

Values: up to 128 characters

Note: Supported characters: a-z, A-Z, 0-9, '-' (hyphen), and '_' (underscore)

**generate**

When you generate a certificate, you are prompted to provide the following:

Note: The certificate can be based on an existing key or request created with the same ID.

- Values: rsa, ec (elliptic curve)

  Note: Elliptic Curve (EC) cryptography is a public-key cryptosystem derived from the difficulty of solving the elliptic curve discrete logarithm problem. It is a different way to do public-key cryptography, an alternative to the older RSA system. The primary advantage of Elliptic Curve cryptography is that it requires significantly smaller key sizes than non-elliptic-curve equivalents, so ECC devices require less storage, less power, less memory, and less bandwidth than other systems. This allows you to implement cryptography on constrained platforms, such as wireless devices, handheld computers, smart cards, and thin clients. It also provides a big win in situations where efficiency is important. For example, the current key-size recommendation for legacy public-key schemes is 2048 bits. A vastly smaller 224-bit ECC key offers the same level of security. This advantage only increases with security level: for example, a 3072-bit legacy key and a 256-bit ECC key are equivalent, something that will be important as stronger security systems become mandated and devices get smaller.

- Values (for rsa key type): 512, 1024, 2048, 4096

  Default:

  Values (for ec key type): 192, 224, 256, 384, 521, curve

  Default: 256

  If you selected curve, enter a user-defined curve "short" name.

  Default: prime256v1

- Values: md5, sha1, sha256, sha384, sha512

  Default: sha256

- Example: www.company.com

- The SAN field lets you define multiple domain and sub-domain names that are secured by the same certificate. It is required, for example, when you want to bind a single certificate to multiple services. The additional names must be entered in the following format: DNS:domain1.com, DNS:www.domain2.com, DNS:finance.uk.domain2.com, …

- y: Use the default values you defined in the Certificate Repository menu.

  n: You are prompted to provide these values.

- Values: 1-3650 days (10 years)

  Default: 365 (1 year)

If this is a new server certificate with no associated Certificate Signing Request (CSR) and/or key, a CSR and/or key is also created after the server certificate is generated.

**intermca**

Specifies the Intermediate CA certificate or certificate chain (group) to be sent to the client together with the server certificate to construct the trust chain to the user's trusted CAs.

Values:

**del**

Deletes this certificate.

**cur**

Displays the current server certificate settings and the certificate's serial number.
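The following pre-flight check for the answers you plan to give the generate prompts is an added example, not part of the product or its documentation. It validates each answer against the value lists above and warns about offered choices that fall below the 2048-bit RSA / 224-bit EC level cited in the note, or that use md5 or sha1. The function name, the warning policy and the sample answers are assumptions of this example, and the user-defined curve option is not covered.

```python
import re

# Value lists copied from the generate prompts documented above.
RSA_SIZES = {512, 1024, 2048, 4096}
EC_SIZES = {192, 224, 256, 384, 521}
HASHES = {"md5", "sha1", "sha256", "sha384", "sha512"}
# Assumption of this example: md5 and sha1 are accepted but reported as weak.
WEAK_HASHES = {"md5", "sha1"}
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")
SAN_RE = re.compile(r"DNS:(\*\.)?([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}")


def check_generate(name, key_type, key_size, hash_alg, cn, san, days):
    """Return (errors, warnings) for a planned set of generate answers."""
    errors, warnings = [], []
    if name and not NAME_RE.fullmatch(name):
        errors.append("name: up to 128 chars from a-z, A-Z, 0-9, '-', '_'")
    sizes = {"rsa": RSA_SIZES, "ec": EC_SIZES}.get(key_type)
    if sizes is None:
        errors.append("key type: must be rsa or ec")
    elif key_size not in sizes:
        errors.append(f"key size: {key_size} not offered for {key_type}")
    elif key_size < (2048 if key_type == "rsa" else 224):
        warnings.append(f"key size: {key_type} {key_size} is below 2048 RSA / 224 EC")
    if hash_alg not in HASHES:
        errors.append("hash: not an offered algorithm")
    elif hash_alg in WEAK_HASHES:
        warnings.append(f"hash: {hash_alg} is not collision resistant")
    entries = [e.strip() for e in san.split(",")] if san else []
    for entry in entries:
        if not SAN_RE.fullmatch(entry):
            errors.append(f"SAN: '{entry}' is not in DNS:<name> form")
    # Clients that see a SAN list match host names against it, not the CN.
    if entries and f"DNS:{cn}" not in entries:
        warnings.append("SAN: common name is not repeated in the SAN list")
    if not 1 <= days <= 3650:
        errors.append("validity: must be 1-3650 days")
    return errors, warnings


# Constructed sample answers, not taken from a real device.
GOOD = ("web_front-1", "ec", 256, "sha256", "www.company.com",
        "DNS:www.company.com, DNS:finance.uk.domain2.com", 365)
BAD = ("web front", "rsa", 1024, "sha1", "www.company.com",
       "DNS:domain1.com, www.domain2.com", 4000)

if __name__ == "__main__":
    for answers in (GOOD, BAD):
        print(check_generate(*answers))
```

Errors are answers the prompts would not accept as documented; warnings are accepted values that are weaker than the level the note recommends.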