Product Documentation

ssl cert

Sep 12, 2016

The following operations can be performed on "ssl cert":

create ssl cert

Generates a signed X509 Certificate.

Synopsys

create ssl cert <certFile> <reqFile> <certType> [-keyFile <input_filename>] [-keyform ( DER | PEM ) {-PEMPassPhrase }] [-days <positive_integer>] [-certForm ( DER | PEM )] [-CAcert <input_filename>] [-CAcertForm ( DER | PEM )] [-CAkey <input_filename>] [-CAkeyForm ( DER | PEM )] [-CAserial <output_filename>]

Arguments

certFile

Name for and, optionally, path to the generated certificate file. /nsconfig/ssl/ is the default path.

Maximum value: 63

reqFile

Name for and, optionally, path to the certificate-signing request (CSR). /nsconfig/ssl/ is the default path.

Maximum value: 63

certType

Type of certificate to generate. Specify one of the following:

* ROOT_CERT - Self-signed Root-CA certificate. You must specify the key file name. The generated Root-CA certificate can be used for signing end-user client or server certificates or to create Intermediate-CA certificates.

* INTM_CERT - Intermediate-CA certificate.

* CLNT_CERT - End-user client certificate used for client authentication.

* SRVR_CERT - SSL server certificate used on SSL servers for end-to-end encryption.

Possible values: ROOT_CERT, INTM_CERT, CLNT_CERT, SRVR_CERT, UNKNOWN, CLIENTANDSERVER_CERT

keyFile

Name for and, optionally, path to the private key. You can either use an existing RSA or DSA key that you own or create a new private key on the NetScaler appliance. This file is required only when creating a self-signed Root-CA certificate. The key file is stored in the /nsconfig/ssl directory by default.

If the input key specified is an encrypted key, you are prompted to enter the PEM pass phrase that was used for encrypting the key.

Maximum value: 63

keyform

Format in which the key is stored on the appliance.

Possible values: DER, PEM

Default value: PEM

PEMPassPhrase

days

Number of days for which the certificate will be valid, beginning with the time and day (system time) of creation.

Default value: 365

Minimum value: 1

Maximum value: 3650

certForm

Format in which the certificate is stored on the appliance.

Possible values: DER, PEM

Default value: PEM

CAcert

Name of the CA certificate file that issues and signs the Intermediate-CA certificate or the end-user client and server certificates.

Maximum value: 63

CAcertForm

Format of the CA certificate.

Possible values: DER, PEM

Default value: PEM

CAkey

Private key, associated with the CA certificate that is used to sign the Intermediate-CA certificate or the end-user client and server certificate. If the CA key file is password protected, the user is prompted to enter the pass phrase that was used to encrypt the key.

Maximum value: 63

CAkeyForm

Format for the CA certificate.

Possible values: DER, PEM

Default value: PEM

CAserial

Serial number file maintained for the CA certificate. This file contains the serial number of the next certificate to be issued or signed by the CA. If the specified file does not exist, a new file is created, with /nsconfig/ssl/ as the default path. If you do not specify a proper path for the existing serial file, a new serial file is created. This might change the certificate serial numbers assigned by the CA certificate to each of the certificates it signs.

Maximum value: 63

Example

1) create ssl cert /nsconfig/ssl/root_cert.pem /nsconfig/ssl/root_csr.pem ROOT_CERT -keyFile /nsconfig/ssl/root_key.pem -days 1000 The above example creates a self signed Root-CA certificate. 2) create ssl cert /nsconfig/ssl/server_cert.pem /nsconfig/ssl/server_csr.pem SRVR_CERT -CAcert /nsconfig/ssl/root_cert.pem -CAkey /nsconfig/ssl/root_key.pem -CAserial /nsconfig/ssl/root.srl The above example creates a Server certificate which is signed by the Root-CA certificate: root_cert.pem