cc/td/doc/product/aggr/vpn5000/5000sw/conc52x/ref52x
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

show certificate

show certificate

The show certificate command shows the certificates installed, details about each certificate, or the certifcate text. See the "Certificates" section for an overview of certificates.

show certificate {installed |
details {root | server} |
pem {root | server} [x509] |
fingerprint {root | server} |
generator}

Syntax Desciption

installed

Lists the certificates installed, including the type and basic information.

details {root | server}

Shows details for a root or server certificate.

pem {root | server} [x509]

Shows the root or server certficate text in PEM format. By default, the certficate is in PKCS #7 format. x509 shows the certificate in X.509 format.

fingerprint {root | server}

Shows the root or server certficate fingerprint, which is the message-digest 5 hash (MD5) authentication algorithm.

generator

When entered on a CG, shows whether the CG is "idle" or "busy" generating a certificate.

Usage Guidelines

The following sections describe the display contents for each command.

show certificate installed Display

The show certificate installed display includes the following information for each certificate:

Serial Number

Issuer

Information about the CA or CG that issued the certificate. All fields may not be present:

  • C is the country code.

  • O is the organization name.

  • OU is the organizational unit.

  • L is the city name.

  • ST is the state name.

Subject

For a root certificate, information about the certificate similar to the issuer information.

For a server certificate, CN is the common name to identify the server.

Validity

The certificate start and expiration dates.

MD5 Fingerprint

A unique identifier for the certificate.

show certificate detailed Display

The show certificate detailed display includes the following information for a certificate:

Version

Serial Number

Signature Algorithm

Shows the algorithm type.

Issuer

Information about the CA or CG that issued the certificate. All fields may not be present:

  • C is the country code.

  • O is the organization name.

  • OU is the organizational unit.

  • L is the city name.

  • ST is the state name.

Subject

For a root certificate, information about the certificate similar to the issuer information.

For a server certificate, CN is the common name to identify the server.

Validity

The certificate start and expiration dates.

MD5 Fingerprint

A unique identifier for the certificate.

Subject Public Key Info

Shows the Public Key Algorithm type.

RSA Public Key

Shows the key length in bits.

Signature Algorithm

Shows the actual algorithm.

Examples

The following sections show an example for each command.

show certificate installed Example

> show certificate installed
 
Root Certificate:

    Serial Number: 77:37:3a:33:37:3a:33:61:3a:33:33:3a:33:37:3a:33
Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Subject: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Validity

      Not Before: Apr 21 00:00:00 2000 GMT
Not After : Apr 20 23:59:59 2005 GMT

MD5 Fingerprint: B0:DD:DD:DE:13:29:3C:54:95:F7:BD:5C:B7:0C:CA:E6

Server Certificate:

    Serial Number: 37:37:3a:33:37:3a:33:61:3a:33:33:3a:33:37:3a:33
Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Subject: CN=IntraPortCarrier_A5C5C600
Validity

      Not Before: Apr 24 00:00:00 2000 GMT
Not After : Apr 24 23:59:59 2001 GMT

MD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BD

 show certificate details Example


> show certificate details server
 
Server Certificate:

    Version: 3 (0x2)
Serial Number: 33:33:3a:33:33:3a:33:61:3a:33:33:3a:33:33:3a:33
 
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Subject: CN=IntraPortCarrier_A5C5C600
Validity

      Not Before: Apr 24 00:00:00 2000 GMT
Not After : Apr 24 23:59:59 2001 GMT

MD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BD
Subject Public Key Info:

    Public Key Algorithm: rsaEncryption

RSA Public Key: (1024 bit)
Signature Algorithm: md5WithRSAEncryption

    01:0c:40:40:fb:84:e3:eb:49:f4:0b:da:69:f7:6d:cd:d1:16:
ae:e9:d1:a9:f3:a1:b2:03:33:a8:3a:19:a1:4c:cc:1b:5e:e1:
e9:a5:06:6b:02:c1:5d:6a:93:a2:60:a3:47:6c:5b:2b:2a:91:
9f:30:a7:76:77:ba:d4:84:d8:89:bd:b9:31:d2:1a:82:52:37:
14:24:4f:a5:23:bb:65:fb:3e:96:7e:17:50:87:de:7d:dd:a0:
21:30:80:4f:0b:26:87:7b:1a:84:a3:df:89:78:c9:dc:80:87:
cd:a4:d8:f2:a2:e0:4b:0e:59:dd:36:59:3d:59:8f:d0:7e:b2:
2f:97
 

 show certificate fingerprint Example


> show certificate fingerprint server
 
MD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BD

 show certificate pem Example


show cert pem server
 
-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHAqCAMIIB1wIBATEAMIAGCSqGSIb3DQEHAQAAoIIBvTCCAbkw
ggFjoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAwZjELMAkGA1UEBhMCQVUxETAPBgNV
BAgTCENvbG9yYWRvMRAwDgYDVQQHEwdCb3VsZGVyMRswGQYDVQQKExJDb21wYXRp
YmxlIFN5c3RlbXMxFTATBgNVBAMTDEludHJhcG9ydCBDQTAeFw05OTEyMDEwMDEx
MzFaFw05OTEyMzEwMDExMzFaMGYxCzAJBgNVBAYTAkFVMREwDwYDVQQIEwhDb2xv
cmFkbzEQMA4GA1UEBxMHQm91bGRlcjEbMBkGA1UEChMSQ29tcGF0aWJsZSBTeXN0
ZW1zMRUwEwYDVQQDEwxJbnRyYXBvcnQgQ0EwWjALBgkqhkiG9w0BAQEDSwAwSAJB
AKcGdw1H2Mr7ZMIflx8rWzb2S56WimZtO4mxcAoQa7yezyZ8cXN+o+QkvxsTLSsM
3YRHWE4voI6hIJbOG1gnUD0CAwEAATANBgkqhkiG9w0BAQQFAANBABnW5Np3La8t
Z5P6Od3BDX7BKbefLMJXoDPN31cbAqy40L/WVwKKWGoD/M+QTrHKMt+T1RhlTr+Z
Gl3QT4+6wPwxAAAAAAA=
-----END PKCS7-----

 Related Commands


  




Command
Description



 certificate generate


 Creates a root or server certificate, or a certificate request




 certificate import


 Imports a certificate




 certificate remove


 Removes all certificates




 certificate request


 Approves or deny a certificate request




 certificate verify


 Checks that the server certificate is valid




 configure Certificates


 Configures a certificate generator














 





hometocprevnextglossaryfeedbacksearchhelp


Posted: Wed Sep 27 11:27:27 PDT 2000

Copyright 1989-2000©Cisco Systems Inc.