ZyXEL Communications UAG Series Cli Reference Manual page 186
Unified access gateway
Hide thumbs
Also See for UAG Series:
- Reference manual (361 pages) ,
- User manual (323 pages) ,
- Quick start manual (2 pages)
Table of Contents
Advertisement
Chapter 28 Certificates
Table 107 ca Commands Summary (continued)
COMMAND
ca validation remote_certificate
cdp {activate|deactivate}
ldap {activate|deactivate}
ldap ip {ip|fqdn} port <1..65535> [id name
password password] [deactivate]
ocsp {activate|deactivate}
ocsp url url [id name password password]
[deactivate]
no ca category {local|remote} certificate_name
no ca validation name
186
DESCRIPTION
Enters the sub command mode for validation of
certificates signed by the specified remote (trusted)
certificates.
Turns certificate revocation on or off. When it is turned on,
the UAG validates a certificate by getting a Certificate
Revocation List (CRL) through HTTP or LDAP (can be
configured after activating the LDAP checking option) and
online responder (can be configured after activating the
OCSP checking option). You also need to configure the
OSCP or LDAP server details.
Has the UAG check (or not check) incoming certificates
that are signed by this certificate against a Certificate
Revocation List (CRL) on a LDAP (Lightweight Directory
Access Protocol) directory server.
Sets the validation configuration for the specified remote
(trusted) certificate where the directory server uses LDAP.
ip: Type the IP address (in dotted decimal notation) or
the domain name of the directory server. The domain
name can use alphanumeric characters, periods and
hyphens. Up to 255 characters.
port: Specify the LDAP server port number. You must use
the same server port number that the directory server
uses. 389 is the default server port number for LDAP.
The UAG may need to authenticate itself in order to
access the CRL directory server. Type the login name (up
to 31 characters) from the entity maintaining the server
(usually a certification authority). You can use
alphanumeric characters, the underscore and the dash.
Type the password (up to 31 characters) from the entity
maintaining the CRL directory server (usually a
certification authority). You can use the following
characters: a-zA-Z0-9;|`~!@#$%^&*()_+\{}':,./<>=-
Has the UAG check (or not check) incoming certificates
that are signed by this certificate against a directory
server that uses OCSP (Online Certificate Status Protocol).
Sets the validation configuration for the specified remote
(trusted) certificate where the directory server uses OCSP.
url: Type the protocol, IP address and pathname of the
OCSP server.
name: The UAG may need to authenticate itself in order to
access the OCSP server. Type the login name (up to 31
characters) from the entity maintaining the server
(usually a certification authority). You can use
alphanumeric characters, the underscore and the dash.
password: Type the password (up to 31 characters) from
the entity maintaining the OCSP server (usually a
certification authority). You can use the following
characters: a-zA-Z0-9;|`~!@#$%^&*()_+\{}':,./<>=-
Deletes the specified local (my certificates) or remote
(trusted certificates) certificate.
Removes the validation configuration for the specified
remote (trusted) certificate.
UAG CLI Reference Guide
- Quick Links:
- Command Line Interface
Hide quick links:
Advertisement
Table of Contents
