Certificate Commands

This chapter lists certificate commands.

certificate generate

When entered on a concentrator that you configured as a Certificate Generator (CG) in the Certificates section, this command generates PKI root certificates and private certificates for servers (called "server certificates" in this guide). It also lets you generate a server certificate request on any concentrator. See the "Certificates" section for an overview of certificates.

certificate generate {root | server | request} key_length [locality city] [state state] [country country_code] [organization "organization_name"] [commonname "common_name"] [days validity_period]

Syntax Description

root | server | request

  • root generates a root certificate on the CG. You can then copy the root certificate using the show certificate commands and paste it into a text file for installation in a client or another server.

  • server generates a server certificate for the CG.

  • request generates a server certificate request on any concentrator that you can then copy using the certificate request show command and paste into the CG using the certificate import request command.


Note   Before using these commands, set the time on the concentrator using the Time Server section or the sys clock command.

key_length

512, 1024, 2048, or 4096

Specifies the number of bits generated for the key. Cisco Systems recommends using a key length of 1024. Larger keys can take the system up to an hour to generate.

city

A text string with no spaces identifying the city name where the concentrator resides.

state

A text string with no spaces identifying the state or province name where the concentrator resides.

country_code

A two-letter code for the country where the concentrator resides.

"organization_name"

A phrase, with spaces allowed, identifying the company name or other organization name.

"common_name"

A phrase, with spaces allowed, identifying the concentrator name, or a description of the certificate, such as "VPN 5008 Root Cert." If you do not specify a common name, the concentrator uses its device name.

validity_period

1 to 9999

Specifies the validity period of the certificate. If you do not enter a value, the system uses the value you set for Certificates section ValidityPeriod on the CG.

Examples

certificate generate request 1024 locality sanjose state california country US organization "Cisco" commonname "Cisco Server"
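
An added example, not part of the original Cisco documentation: a small Python checker that parses a certificate generate command line and validates it against the constraints listed in the Syntax Description above, for linting provisioning scripts before they reach a concentrator. The function name is hypothetical, and it assumes options may appear in any order and only once, which the page does not state.

```python
import shlex

KINDS = {"root", "server", "request"}
KEY_LENGTHS = {512, 1024, 2048, 4096}
OPTIONS = ("locality", "state", "country", "organization", "commonname", "days")
NO_SPACE = {"locality", "state"}  # city and state are "text string with no spaces"

def parse_certificate_generate(line):
    """Return (fields, errors) for one 'certificate generate' command line."""
    try:
        tokens = shlex.split(line)  # keeps "quoted phrases" together as one value
    except ValueError as exc:       # e.g. an unbalanced quotation mark
        return {}, [f"unparseable line: {exc}"]
    if tokens[:2] != ["certificate", "generate"]:
        return {}, ["not a 'certificate generate' command"]
    args = tokens[2:]
    if len(args) < 2:
        return {}, ["expected {root | server | request} and key_length"]
    fields, errors = {"type": args[0]}, []
    if args[0] not in KINDS:
        errors.append(f"type must be root, server or request, got {args[0]!r}")
    if args[1].isdecimal() and int(args[1]) in KEY_LENGTHS:
        fields["key_length"] = int(args[1])
    else:
        errors.append(f"key_length must be 512, 1024, 2048 or 4096, got {args[1]!r}")
    rest = args[2:]
    if len(rest) % 2:  # options come as keyword/value pairs
        errors.append(f"option {rest[-1]!r} has no value")
        rest = rest[:-1]
    for key, value in zip(rest[0::2], rest[1::2]):
        if key not in OPTIONS:
            errors.append(f"unknown option {key!r}")
        elif key in fields:  # assumption: each option is given at most once
            errors.append(f"option {key!r} given twice")
        elif key in NO_SPACE and " " in value:
            errors.append(f"{key} must not contain spaces")
        elif key == "country" and not (len(value) == 2 and value.isalpha()):
            errors.append("country must be a two-letter code")
        elif key == "days" and not (value.isdecimal() and 1 <= int(value) <= 9999):
            errors.append("days must be 1 to 9999")
        else:
            fields[key] = value
    return fields, errors

if __name__ == "__main__":
    # The command from the Examples section of this page.
    sample = ('certificate generate request 1024 locality sanjose state california '
              'country US organization "Cisco" commonname "Cisco Server"')
    print(parse_certificate_generate(sample))
```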
 

Related Commands

Command                   Description
certificate import        Imports a certificate
certificate remove        Checks that the server certificate is valid
certificate request       Removes all certificates
certificate verify        Creates a root or server certificate, or a certificate request
configure Certificates    Configures a certificate generator
show certificate          Shows certificate text or details


Posted: Wed Sep 27 11:48:29 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.