|
|
This command, when entered on a concentrator that you made a Certificate Generator (CG) in the Certificates section, imports, approves, or rejects server certificate requests from other concentrators. The show command, when entered on a non-CG server, shows a certificate request. See the "Certificates" section for an overview of certificates.
certificate request {import | show | pending | approve identifier [days] | reject identifier} |
Note Set the time on the concentrator before using these commands using the Time Server section or the sys clock command. |
import | On a CG, imports a server certificate request. The system prompts you to paste the request. Paste the request at the prompt, adding a period (.) on a separate line after the request, and press the Enter key. |
show | Shows the last certificate that was requested by the concentrator using the certificate generate request command. Showing the request allows you to cut the text and paste it into a Certificate Authority or CG. |
pending | On a CG, shows all pending requests for server certificates that were imported using the certficate import request command. Note the identifier from the resulting display to approve or reject a request. |
approve identifier [days] | On a CG, approves a server certificate request that was imported using the certficate import request command.
|
reject identifier | On a CG, rejects a server certificate request that was imported using the certficate import request command. identifier is the identifier for the request, as shown using the certificate request pending command. |
> certificate request approve 1 100 > certificate request show
The console displays the request text in PKCS #10 and PEM format, as in the following example:
-----BEGIN CERTIFICATE REQUEST----- MIIBWjCBxAIBADAbMRkwFwYDVQQDExBCb2IncyBJbnRyYVBvcnQyMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQDfEX5KdJyxKFJn2b0VLDd96YmYZSz9kyayugaW aWacZpOT4njtiSohK4OYavJkoJBuVjjiozfS03zA1U21xepwQqrzG0RZUKCPCnE0 sxIpGo0bcMQFGwmKQ5f6Oj1QKzy117EwQjvd8CciCM8ae+ugLlGd7eIj6LAcrcbM Z9lIVQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEALJndSfRXsuzqd4p+fCPrDacF BX8LnLpiw4hFX8Z4quSULAp2F6Sz3AUIe3muxhWpQkrYriT7ki5tD7nzhLWkzwGE aiRlhosfBBVA/5Wk/KXP9k8AyfHDSDdVGQRV19Qgu2ggmQI1P2tsJ6zM5GMr+9/T 389ZA4HO9kt8DA658w0= -----END CERTIFICATE REQUEST----- > certificate request pending
The console shows a list of requests, each with an identifying number, as in the following example:
&& Ce nt er && Id 1 2 | Requested By /CN=Goldy's VPN 5000 /CN=Bob's VPN 5000 | Request Date Feb 17 15:02:35 2000 GMT Feb 18 11:05:27 2000 GMT |
> certificate request approve 1
The console immediately displays the server certificate text in PKCS #7 and PEM format, as in the following example:
-----BEGIN PKCS7----- MIAGCSqGSIb3DQEHAqCAMIIB1wIBATEAMIAGCSqGSIb3DQEHAQAAoIIBvTCCAbkw ggFjoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAwZjELMAkGA1UEBhMCQVUxETAPBgNV BAgTCENvbG9yYWRvMRAwDgYDVQQHEwdCb3VsZGVyMRswGQYDVQQKExJDb21wYXRp YmxlIFN5c3RlbXMxFTATBgNVBAMTDEludHJhcG9ydCBDQTAeFw05OTEyMDEwMDEx MzFaFw05OTEyMzEwMDExMzFaMGYxCzAJBgNVBAYTAkFVMREwDwYDVQQIEwhDb2xv cmFkbzEQMA4GA1UEBxMHQm91bGRlcjEbMBkGA1UEChMSQ29tcGF0aWJsZSBTeXN0 ZW1zMRUwEwYDVQQDEwxJbnRyYXBvcnQgQ0EwWjALBgkqhkiG9w0BAQEDSwAwSAJB AKcGdw1H2Mr7ZMIflx8rWzb2S56WimZtO4mxcAoQa7yezyZ8cXN+o+QkvxsTLSsM 3YRHWE4voI6hIJbOG1gnUD0CAwEAATANBgkqhkiG9w0BAQQFAANBABnW5Np3La8t Z5P6Od3BDX7BKbefLMJXoDPN31cbAqy40L/WVwKKWGoD/M+QTrHKMt+T1RhlTr+Z Gl3QT4+6wPwxAAAAAAA= -----END PKCS7-----
| Command | Description |
|---|---|
certificate generate | Creates a root or server certificate, or a certificate request |
certificate import | Imports a certificate |
certificate remove | Removes all certificates |
certificate verify | Creates a root or server certificate, or a certificate request |
configure Certificates | Configures a certificate generator |
show certificate | Shows certificate text or details |
Posted: Wed Sep 27 11:48:27 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.