
show crypto-local pki

show crypto-local pki

CRL

[<name> [ALL | crlnumber | fingerprint | hash | issuer | lastupdate | nextupdate]]

crl-stats

IntermediateCA

[<name> [alias | ALL | dates | fingerprint | hash | issuer | modulus | purpose | serial | subject]]

ocsp-client-stats

OCSPResponderCert

[<name> [alias | ALL | dates | fingerprint | hash | issuer | modulus | purpose | serial | subject]]

OCSPSignerCert

[<name> [alias | ALL | dates | fingerprint | hash | issuer | modulus | purpose | serial | subject]]

PublicCert

[<name> [alias | ALL | dates | fingerprint | hash | issuer | modulus | purpose | serial | subject]]

rcp [<name>]

ServerCert

[<name> [alias | ALL | dates | fingerprint | hash | issuer | modulus | purpose | serial | subject]]

TrustedCA

[<name> [alias | ALL | dates | fingerprint | hash | issuer | modulus | purpose | serial | subject]]

service-ocsp-responder [stats]

Descriptions

Execute this command to show local certificate, Online Certificate Status Protocol (OCSP) signer or responder certificate, and Certificate Revocation List (CRL) data and statistics.

Syntax

Parameter

Description

CRL

Shows the name, original filename, reference count and expiration status of all CRLs on this controller.

<name> ALL

Shows the version, signature algorithm, issuer, last update, next update, and CRL extensions and all other attributes of this CRL.

<name> crlnumber

Shows the number of this CRL.

<name> fingerprint

Shows the fingerprint of this CRL.

<name> hash

Shows the hash number of this CRL.

<name> issuer

Shows the issuer of this CRL.

<name> lastupdate

Shows the last update (date and time) at which the returned status is known to be correct.

<name> nextupdate

Shows the next date and time at which the responder retrieves updated status information for this certificate. If this information is not present, then the responder always holds up-to-date status information.

crl-stats

Shows the CRL request statistics.

IntermediateCA

Shows the name, original filename, reference count and expiration status of this certificate.

NOTE: IntermediateCA has the identical sub-parameters as those listed under the TrustedCA parameter in this table.

ocsp-client-stats

Shows the OCSP client statistics.

OCSPResponderCert

Shows the name, original filename, reference count and expiration status of all OCSPResponderCert certificates on this controller.

NOTE: OCSPResponderCert has the identical sub-parameters as those listed under the TrustedCA parameter in this table.

OCSPSignerCert

Shows the OCSP Signer certificate.

NOTE: OCSPSignerCert has the identical sub-parameters as those listed under the TrustedCA parameter in this table.

PublicCert

Shows public key information of a certificate. This certificate allows an application to identify an exact certificate.

NOTE: PublicCert has the identical sub-parameters as those listed under the TrustedCA parameter in this table.

rcp

Shows the revocation check point.

ServerCert

Shows server certificate information. This certificate must contain both a public and a private key (the public and private keys must match). You can import a server certificate in either PKCS12 or X.509 PEM format; the certificate is stored in X.509 PEM DES encrypted format on the controller.

NOTE: ServerCert has the identical sub-parameters as those listed under the TrustedCA parameter in this table.

TrustedCA

Shows trusted Certificate Authority (CA) certificate information. This certificate can be either a root CA or intermediate CA. Aruba encourages (but does not require) the signing CA of an intermediate CA to be the controller itself.

<name> ALL

Shows the version, signature algorithm, issuer, last update, next update, and CRL extensions and all other attributes of this certificate.

<name> alias

Shows this certificate’s alias, if it exists.

<name> dates

Shows the dates for which this certificate is valid.

<name> fingerprint

Shows the certificate’s fingerprint.

<name> hash

Shows the hash number of this certificate.

<name> issuer

Shows the certificate issuer.

<name> modulus

Shows the modulus, which is part of the public key of the certificate.

<name> purpose

Shows the certificate’s purposes, such as whether this is an SSL server, SSL server CA and so on.

<name> serial

Shows the certificate’s serial number.

<name> subject

Shows the certificate’s subject identification number.

service-ocsp-responder [stats]

Shows if the OCSP responder service is enabled and shows statistics.

Usage Guidelines

Use the show crypto-local pki command to view all CRL and certificate status, OCSP client and OCSP responder status and statistics.

Example

This example displays a list of all OCSP responder certificates on this controller.

(host) [mynode] #show crypto-local pki OCSPResponderCert

Certificates
------------
Name                       Original Filename         Reference Count  Expired
--------------             -----------------         ---------------  -------
ocspJan28                  ocspresp-jan28.cer        0                No
ocspresp-standalone-feb21  ocspresp-feb21.cer        0                No
ocsprespFeb02              ocspresp-feb2.cer         1                No
OCSPresponder1             ocspresponder-new1.cer    0                No
ocspresponder2             subsubCA-ocsp-res-2.cer   0                No
OCSPresponderlatest        ocspresponder-latest.cer  0                No

The output of this command includes the following parameters:

Parameter

Description

Name

Name of the OCSP responder certificate.

Original Filename

Name of the original certificate when it was added to the controller.

Reference Count

Number of RCPs that reference this OCSP responder certificate, signer certificate or CRL.

Expired

Shows whether the controller has enabled or disabled client remediation with Sygate-on-demand-agent.

This example shows the dates for which this OCSP responder certificate is valid.

(host) [mynode] #show crypto-local pki OCSPResponderCert ocspJan28 dates
notBefore=Jan 21 02:37:47 2011 GMT
notAfter=Jan 20 02:37:47 2013 GMT

This example displays the certificate’s hash number.

(host) [mynode] #show crypto-local pki OCSPResponderCert ocspJan28 hash
91dcb1b3

This example shows the purpose and information about this certificate.

(host) [mynode] #show crypto-local pki OCSPResponderCert ocspJan28 purpose
Certificate purposes:For validation
SSL client : No
SSL client CA : No
SSL server : No
SSL server CA : No
Netscape SSL server : No
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No

This example displays the certificate’s subject.

(host) [mynode] #show crypto-local pki OCSPResponderCert ocspJan28 subject

subject= /CN=WIN-T1BQQFMVDED.security1.qa.mycorp.com
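The following is an added example, not part of the Aruba documentation: a Python script that parses captured output of the certificate table and the dates form shown above and flags certificates that are expired, close to notAfter, or referenced by no revocation check point. The function names, the 30-day warning window and the assumption that names and filenames contain no whitespace are illustrative.

```python
import re
from datetime import datetime, timezone

# Captured output copied from the examples on this page (column spacing normalized).
TABLE = """\
Name                       Original Filename         Reference Count  Expired
--------------             -----------------         ---------------  -------
ocspJan28                  ocspresp-jan28.cer        0                No
ocspresp-standalone-feb21  ocspresp-feb21.cer        0                No
ocsprespFeb02              ocspresp-feb2.cer         1                No
OCSPresponder1             ocspresponder-new1.cer    0                No
ocspresponder2             subsubCA-ocsp-res-2.cer   0                No
OCSPresponderlatest        ocspresponder-latest.cer  0                No
"""
DATES = "notBefore=Jan 21 02:37:47 2011 GMT\nnotAfter=Jan 20 02:37:47 2013 GMT\n"

def parse_cert_table(text):
    """Parse data rows; assumes names and filenames contain no whitespace."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Header and separator lines fail this shape check and are skipped.
        if len(parts) == 4 and parts[2].isdigit() and parts[3] in ("Yes", "No"):
            rows.append({"name": parts[0], "filename": parts[1],
                         "refs": int(parts[2]), "expired": parts[3] == "Yes"})
    return rows

def parse_dates(text):
    """Return (notBefore, notAfter) as timezone-aware UTC datetimes."""
    found = dict(re.findall(r"^(notBefore|notAfter)=(.+?)\s*$", text, re.M))
    fmt = "%b %d %H:%M:%S %Y GMT"
    return tuple(datetime.strptime(found[k], fmt).replace(tzinfo=timezone.utc)
                 for k in ("notBefore", "notAfter"))

def audit(rows, validity, now, warn_days=30):
    """Return (name, issue) findings; validity maps name -> parse_dates() result."""
    findings = []
    for r in rows:
        issues = ["marked Expired by the controller"] if r["expired"] else []
        if r["refs"] == 0:  # Reference Count is the number of RCPs using the entry
            issues.append("not referenced by any RCP")
        if r["name"] in validity:
            not_before, not_after = validity[r["name"]]
            left = (not_after - now).days
            if now < not_before:
                issues.append("not yet valid")
            elif left < warn_days:
                issues.append("past notAfter" if left < 0 else f"expires in {left} days")
        findings += [(r["name"], i) for i in issues]
    return findings
```

Call audit(parse_cert_table(TABLE), {"ocspJan28": parse_dates(DATES)}, now) with the review time as a UTC datetime to get the list of findings.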

Related Commands

Command

Description

crypto-local pki

This command is saved in the configuration file and verifies the presence of the certificate in the controller’s internal directory structure.

crypto-local pki rcp <name>

Specifies the certificates that are used to sign OCSP responses for this revocation check point.

Command History

Command

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Enable or Config mode on Mobility Master.
