You are here: Home > CLI Commands > Just_CLI_Topics > crypto pki

crypto pki

crypto pki

csr {ec|rsa}

key_len <key_val>

curve-name <key_val>

common_name <common_val>

country <country_val>

state_or_province <state>

city <city_val>

organization <organization_val>

unit <unit_val>

email <email_val>

expirycheck

export ca-cert pem self-signed {console|<filename>}

 

Description

Generate a Certificate Signing Request (CSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.) for the captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. feature.

Syntax

Parameter

Description

csr {ec|rsa}

Generate a certificate signing request. Execute the show crypto pki csr command to view output again. This parameter has the following sub-parameters:

ec– Generate a certificate signing request with an Elliptic Curve (EC) key.

rsa– Generate a certificate signing request with a Rivest, Shamir and Adleman (RSARivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet.) key.

key_len <key_val>

Generate a certificate signing request with an RSARivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet. key with one of the following supported RSARivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet. key lengths:

1024

2048

4096

curve-name <key_val>

Generate a certificate signing request with an EC key, with one of the following EC types:

secp256r1

secp384r1

common_name <common_val>

Specify a common name, e.g., www.yourcompany.com.

country <country_val>

Specify a country name, e.g., US or CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate..

state_or_province <state>

Specify the name of a state or province.

city <city_val>

Specify the name of a city.

organization <organization_val>

Specify the name of an organization unit, e.g., sales.

unit <unit_val>

Specify a unit value, e.g. EMEA.

email <email_val>

Specify an email address, in the format name@mycompany.com.

expirycheck

Run an expiry check on all certificates on the managed device.

export

Export self signed PKIPublic Key Infrastructure. PKI is a security technology based on digital certificates and the assurances provided by strong cryptography. See also certificate authority, digital certificate, public key, private key. CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. certificate in .pem format.

Usage Guidelines

Use this command in enable mode to generate a CSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate. for the Captive PortalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. feature or to see all managed devices certificates are expiring.

Display the CSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate. output by entering the command show crypto pki csr.

Example

The following command configures a CSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate. for a user with the email address jdoe@example.com.

(host) [md] #crypto pki csr key 1024 common_name www.example.lcom country US state_or_province ca city Sunnyvale organization engineering unit pubs email jdoe@example.com

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system.

Enable mode on Mobility Master.

/*]]>*/