IBM WebSphere XS40 Command Reference Manual page 240

Datapower xml security gateway

appliance sends the certificate to the SSL peer for an SSL connection, but
the peer can reject the certificate as not valid.

Guidelines
The password or password-alias keyword is required only when a certificate file is
password-protected.
Prior to using the password-alias keyword, you must use the password-map
command to 3DES-encrypt the certificate password and associate an alias with the
encrypted password. An attempt to reference an encrypted password not found in
the Password map results in command failure.
• In environments that use plaintext (unencrypted) passwords, the password
  argument is used to open and read the certificate file.
• In environments that use encrypted passwords, the password-alias argument is
  searched for in the password map file and its associated encrypted password is
  identified. The encrypted password, in turn, is 3DES-decrypted (using the locally
  generated host key) to yield the plaintext password used to open and read the
  certificate file.
Use the certificate command in conjunction with the key and idcred commands to
create an Identification Credentials. An Identification Credentials consists of a
certificate, which contains a public key, and the corresponding private key.
Use the certificate command in conjunction with the valcred command to create a
Validation Credentials. A Validation Credentials can be used, but is not required,
during the SSL handshake procedure to authenticate the certificate that is received
from the remote SSL peer.
The no certificate command deletes only the alias for the stored certificate. The file
that contains the actual certificate remains on the appliance.

Related Commands
certificate (Crypto Validation), copy, key, password-map, profile, valcred

Examples
• Creates the bob alias for the bob.pem X.509 certificate. Stores the target certificate
  in the public cryptographic area.
  # certificate bob pubcert:bob.pem
  Creating certificate 'bob'
  #
• Creates the bob alias for the bob.pem certificate. Stores the target certificate in
  the public cryptographic area. Allows the certificate to be accessed with the
  pikesville plaintext password.
  # certificate bob pubcert:bob.pem password pikesville
  Creating certificate 'bob'
  #
• Creates the bob alias for the bob.pem certificate. Stores the target certificate in
  the public cryptographic area. Allows the certificate to be accessed with the
  dundaulk encrypted password alias.
