crypto
The GigaVUE node by default generates and uses a self-signed certificate to provide HTTPS access to the Web-based H-VUE management interface. Use the crypto command to configure and manage certificates for the GigaVUE H Series node’s built-in Web server, performing the following tasks:
Generate the certificate and key pairs on the GigaVUE H Series node. This overwrites the existing certificate and key pair regardless of whether the previous certificate and key pair was self-signed or user added. You can specify how long the new self-signed certificate lasts with the days-valid argument.
Replace a signed certificate with one created by an administrator or generated by a third-party certificate authority.
Generate a certificate request and upload it to a specified URL. Default values for the certificate request can be configured.
The crypto command has the following syntax:
crypto
   ca-list default-ca-list name <CA list name> [system-self-signed]
   default-cert name <cert name> [system-self-signed]
   generation default
      country-code <country code>
      days-valid <number of days>
      email-addr <email address>
      key-size-bits <number of bits>
      locality <locality name>
      org-unit <organizational unit name>
      organization <organization name>
      state-or-prov <state or province name>
   name <cert name>
      comment <new comment>
      generate self-signed
         comment <comment>
         common-name <issuer and subject common name>
         country-code <country code>
         days-valid <number of days>
         email-addr <email address>
         key-size-bits <number of bits>
         locality <locality name>
         org-unit <organizational unit name>
         organization <organization name>
         serial-num <serial number>
         state-or-prov <state or province name>
      private-key pem <PEM string>
      private-key pem fetch <url>
      prompt-private-key
      public-cert <comment <comment string>> <pem <PEM string>>
      regenerate [days-valid <number of days>]
      rename <new name>
   system-self-signed regenerate [days-valid <number of days 1-7300>]
The following table describes the arguments for the crypto command:
Argument |
Description |
upload <upload URL> |
Generates a certificate request message and uploads the request to the specified URL. The supported formats for upload are: SCP, SFTP, and FTP. For example:
(config) # crypto cert-req-msg generate upload scp://gigatest@192.168.1.2/tmp/
Password (if required): ********
Successfully uploaded certificate signing request with name 'cert-req-filebWdanb.csr'
Successfully uploaded private key with name 'cert-req-filebWdanb.key' |
country-code <country code> |
Configures default values for certificate request message generation as follows:
|
certificate ca-list default-ca-list name <CA list name> [system-self-signed] |
Adds the specified CA certificate to the default CA certificate list. |
certificate default-cert name <cert name> [system-self-signed] |
Specifies the named certificate as the default certificate for authentication on this node. |
certificate generation default |
Configures default values for certificate generation as follows:
|
certificate name <cert name> private-key pem fetch <url> |
Configures options for a named certificate to import into the certificate database as follows:
Note: Enclose the contents of the PEM file in quotation marks. |
certificate system-self-signed regenerate [days-valid <number of days 1-7300>] |
Regenerates a certificate. Certificates are configured to expire after a specified number of days. You can regenerate a certificate with this command, using the days-valid argument to specify how long it will be valid before it needs to be regenerated again. |
Related Commands
The following table summarizes other commands related to the crypto command:
Task |
Command |
Displays cryptographic configuration and state for all certificates in the certificate database. |
# show crypto certificate |
Displays the list of configured trusted certificate authority (CA) certificates. |
# show crypto certificate ca-list |
Displays the list of supplemental certificates configured for the default system CA certificate. |
# show crypto certificate ca-list default-ca-list |
Displays the currently configured default certificate. |
# show crypto certificate default-cert |
Displays details of the currently configured default certificate. |
# show crypto certificate default-cert detail |
Displays the uninterpreted PEM contents of the currently configured default certificate. |
# show crypto certificate default-cert public-pem |
Displays details of all certificates in the certificate database. |
# show crypto certificate detail |
Displays a specified named certificate. |
# show crypto certificate name mycert |
Displays the uninterpreted PEM contents of all certificates in the certificate database. |
# show crypto certificate public-pem |
Deletes a certificate from the CA certificate trust pool. |
(config) # no crypto certificate ca-list default-ca-list name mycert1 |
Reverts to the system-self-signed certificate as the default. |
(config) # no crypto certificate default-cert name system-self-signed |
Deletes a specified certificate. |
(config) # no crypto certificate name system-self-signed |
Deletes the comment on a specified certificate. |
(config) # no crypto certificate name system-self-signed comment |
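A workstation-side check of the properties this page configures (self-signed or CA-issued, key-size-bits, days-valid), run against a PEM such as the one printed by show crypto certificate default-cert public-pem. This is an added example, not Gigamon code or GigaVUE CLI; it assumes OpenSSL on the administrator's workstation, and the function names, sample common name and thresholds are hypothetical.

```shell
#!/bin/sh
# Added example: workstation-side audit of a certificate PEM, e.g. one copied
# from "show crypto certificate default-cert public-pem". Requires OpenSSL.

# Succeeds when issuer and subject names match (self-signed by name).
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# Prints the public key size in bits (compare with key-size-bits).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# usage: audit_cert <pem file> <minimum key bits> <warn-before-expiry days>
# Prints a space-separated list of findings (empty when there are none).
audit_cert() {
    findings=""
    if cert_is_self_signed "$1"; then findings="$findings self-signed"; fi
    if [ "$(cert_key_bits "$1")" -lt "$2" ]; then findings="$findings weak-key"; fi
    if ! cert_valid_for_days "$1" "$3"; then findings="$findings expires-soon"; fi
    echo "${findings# }"
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the node's default one (hypothetical CN, not taken from a real node).
make_sample_cert() {  # usage: make_sample_cert <dir> <key bits> <days valid>
    openssl req -x509 -newkey "rsa:$2" -nodes -days "$3" \
        -subj "/CN=gigavue-sample.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp" 2048 30
echo "findings: $(audit_cert "$tmp/cert.pem" 2048 60)"
rm -rf "$tmp"
```

To audit a real node, save the PEM output to a file and pass that path to audit_cert in place of the constructed sample.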