certificate

system certificate
SDE M10-Smart M2 RS420 AresC640

Digital certificates configuration

system certificate scep
SDE M10-Smart M2 RS420 AresC640

Simple Certificate Enrollment Protocol configuration

system certificate scep csr <id>
SDE M10-Smart M2 RS420 AresC640

SCEP server name

Values:

  • id – Server name (1-32)

Instances:

Multiple

Required:

Required:

system certificate scep csr <id> autoenrollment
SDE M10-Smart M2 RS420 AresC640

Enable autoenrollment

system certificate scep csr <id> autoenrollment retry-period <u32|id>
SDE M10-Smart M2 RS420 AresC640

Wait period between certificate request retries

Values:

  • u32 – Time in minutes (1-999999)

  • N[m/h/d/w] – Time in minutes/hours/days/weeks

system certificate scep csr <id> autoenrollment time <u32|id>
SDE M10-Smart M2 RS420 AresC640

Time before certificate expiration

Values:

  • u32 – Time in minutes (1-999999)

  • N[m/h/d/w] – Time in minutes/hours/days/weeks

system certificate scep csr <id> ca-fingerprint
SDE M10-Smart M2 RS420 AresC640

Expected fingerprint for the CA certificate

Instances:

Unique

system certificate scep csr <id> ca-fingerprint md5 <id>
SDE M10-Smart M2 RS420 AresC640

MD5 fingerprint

Values:

  • id – MD5 fingerprint in hex format (16)

system certificate scep csr <id> ca-fingerprint sha <id>
SDE M10-Smart M2 RS420 AresC640

SHA fingerprint

Values:

  • id – SHA fingerprint in hex format (20)

system certificate scep csr <id> ca-name <id>
SDE M10-Smart M2 RS420 AresC640
Values:

  • id – CA name

system certificate scep csr <id> cgi-path <txt>
SDE M10-Smart M2 RS420 AresC640
Values:

  • txt – CGI script path

system certificate scep csr <id> challenge-password <txt>
SDE M10-Smart M2 RS420 AresC640

Challenge password CSR request of enrollment

Values:

  • txt – Password (1-256)

system certificate scep csr <id> distinguished-names <txt>
SDE M10-Smart M2 RS420 AresC640

Comma separated list of distinguished names for the CSR

Values:

  • txt – DN (1-250)

system certificate scep csr <id> dns <id>
SDE M10-Smart M2 RS420 AresC640

Add DNS name as alternative name

Values:

  • id – Domain Name System

system certificate scep csr <id> email <id>
SDE M10-Smart M2 RS420 AresC640

Add email as alternative name

Values:

  • id – Email

system certificate scep csr <id> encrypted-password <password>
SDE M10-Smart M2 RS420 AresC640
Values:

  • password – Encrypted challenge password CSR request of enrollment

system certificate scep csr <id> ip-address <ipv4|ipv6>
SDE M10-Smart M2 RS420 AresC640

Add source IP address as alternative name

Values:

  • ipv4 – Local IPv4 address

  • ipv6 – Local IPv6 address

Local IP address:

system certificate scep csr <id> local-address <ipv4|ipv6>
SDE M10-Smart M2 RS420 AresC640

Local IP address to use as source for SCEP requests

Values:

  • ipv4 – Local IPv4 address for csr

  • ipv6 – Local IPv6 address for csr

Local IP address:

system certificate scep csr <id> local-interface <ifc>
SDE M10-Smart M2 RS420 AresC640
Values:

  • ifc – Interface to use as source for SCEP requests

system certificate scep csr <id> local-vrf <id>
SDE M10-Smart M2 RS420 AresC640

VRF where socket is bound

Reference:

system vrf <id>

system certificate scep csr <id> port <u32>
SDE M10-Smart M2 RS420 AresC640

SCEP server port

Values:

  • u32 – Port (1-65535)

system certificate scep csr <id> regenerate-key
SDE M10-Smart M2 RS420 AresC640

Regenerate key on enrollment

system certificate scep csr <id> rollover
SDE M10-Smart M2 RS420 AresC640

Enable rollover for CA expiration

system certificate scep csr <id> rollover retry-period <u32|id>
SDE M10-Smart M2 RS420 AresC640

Wait period between rollover retries

Values:

  • u32 – Time in minutes (1-999999)

  • N[m/h/d/w] – Time in minutes/hours/days/weeks

system certificate scep csr <id> rollover time <u32|id>
SDE M10-Smart M2 RS420 AresC640

Time before CA expiration

Values:

  • u32 – Time in minutes (1-999999)

  • N[m/h/d/w] – Time in minutes/hours/days/weeks

system certificate scep csr <id> rsa-key-length <u32>
SDE M10-Smart M2 RS420 AresC640

RSA key length in bits to generate

Values:

  • u32 – Key length (512-4096)

system certificate scep csr <id> serial-number
SDE M10-Smart M2 RS420 AresC640

Add router serial number to the CSR

system certificate scep csr <id> signer-names <txt>
SDE M10-Smart M2 RS420 AresC640

Comma separated list of distinguished names for the PKCS#7 envelop

Values:

  • txt – DN (1-250)

system certificate scep csr <id> url <ipv4|ipv6|txt>
SDE M10-Smart M2 RS420 AresC640

SCEP server address

Values:

  • ipv4 – SCEP IPv4 address

  • ipv6 – SCEP IPv6 address

  • txt – SCEP hostname

system certificate trust <file>
SDE M10-Smart M2 RS420 AresC640
Values:

  • file – Add a certificate to the trusted root certificates

Instances:

Multiple