The certificate command is used to manage the system’s certificates that are used to establish TLS connections to the audit server as well as to secure HTTPS sessions.
Note
The certificate command can only be used by an administrator.
The autocert file is a default certificate file, generated when the IP address is changed from factory settings, or when an audit or an HTTPS session starts with no selected certificate.
Synopsis
certificate name/all get
certificate name/all list
certificate name view
certificate name create [sign=self] [subject=query]
certificate name delete [type=id]
certificate name import infile= [type=id] [fmt=auto]
certificate name select
certificate name verify
Actions
Action | Description |
---|
get | Displays the information for the specified certificate or all certificates, including certificate name, type, signature, subject, issuer, expiration, and fingerprint. |
list | Lists the specified certificate or all certificates installed on the encoder, including the type and name. |
view | Displays the content of the named certificate file. |
create | Generates a Self-signed certificate or a Certificate Signing Request. The sign and subject can be specified. See Parameters below. |
delete | Deletes the selected certificate. The type can be specified. See Parameters below.
Note
The type specification may be added to specify the deletion of the Identity certificate, the chain associated with it, or the CA certificate with the given name.
|
import | Imports a certificate to be installed on the device. The infile, i.e., the file to import the certificate from, must be provided. The file’s type and format can also be specified. See Parameters below. |
select | Selects the certificate used when establishing a TLS connection with the audit server or starting an HTTPS session. |
verify | Verifies the validity of the specified certificate. |
Parameters
Parameter | Default | Description/Values |
---|
sign | self | The signature type for the certificate:
self : Creates a self-signed identity certificate.
Request : Creates an identity Certificate Signing Request (CSR).
|
subject | query | Sets the certificate's distinguished name parameters:
auto : Automatically gets the subject Common Name which is HOSTNAME.DOMAIN if DNS is configured, or IPADDR otherwise. The subject Alt Name is set to DNS:HOSTNAME.DOMAIN, DNS:HOSTNAME,IPAddress:IPADDR.
query : Prompts the user for Distinguished Name (DN) attributes.
DN : Distinguished Name in the form: "/C=US/ST=Maine... " where the most common attributes are:
/C Two Letter Country Name
/ST State or Province Name
/L Locality Name
/O Organization Name
/OU Organizational Unit Name
/CN Common Name
|
type | id | The type of certificate to either import or generate:
Note
Only ID certificates can be generated. Chain and CA certificates can only be imported.
id : Identity certificate (for HTTPS service and audit (syslog client))
chain : Identity certificate CA chain (Import only)
ca : Certificate Authority Certificate (for peer certificate validation, Import only)
|
fmt | auto | The format in which the certificate is encrypted:
auto : Detects the certificate format based on file extension when importing.
pem : Privacy Enhanced Mail Base64 encoded DER certificate
p7 : PKCS#7
p12 : PKCS#12
pfx : PKCS#12
der : Distinguished Encoding Rules
|
infile | N/A | The name of the file to import.
Note
The certificate file to import must already have been downloaded/uploaded to the administrator's home directory (using SCP, for example).
|
Examples
# certificate all get
Returns the certificate information for the Makito X4.

Certificate Name : autocert (default)
Type : id
Signature : Self-signed
Subject : test.haivision.com
Issuer : test.haivision.com
Expiration : Feb 13 18:54:26 2029 GMT
Fingerprint : md5:70:AC:75:C5:B4:5E:C8:51:1C:13:CA:9E:E2:CB:EF:E3
X509v3 Subject Alternative Names:
DNS : test.haivision.com
IP Address : 10.65.11.148

Certificate Name : cert1
Type : id
Signature : Self-signed
Subject : MX4-test
Issuer : MX4-test
Expiration : Aug 3 18:31:37 2022 GMT
Fingerprint : md5:45:5B:7E:C2:BF:D6:6E:9F:32:B9:7F:BE:73:E1:3F:DC
X509v3 Subject Alternative Names:
DNS : MX4-test
IP Address : 10.65.135.35

Certificate Name : cert2
Type : id
Signature : Request not signed
Subject : QA-test
Issuer : Request not signed
Expiration : No expiration date is set before certificate is signed.
Fingerprint : md5:75:85:8d:ec:82:61:6d:11:be:fe:28:45:d6:2d:68:00
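The get action reports each certificate's signature type and expiration, which is what an administrator needs to review before choosing a certificate with select. The following Python script is an added example, not part of the Haivision documentation: it parses that output and flags certificates that are self-signed, expired, close to expiry, or still unsigned requests. The sample text is constructed from the output above, and the function names and the 30-day warning window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: fields taken from this page's `certificate all get`
# output, one per line (Type, Subject, Issuer, fingerprint and SAN lines omitted).
SAMPLE = """\
Certificate Name : autocert (default)
Signature : Self-signed
Expiration : Feb 13 18:54:26 2029 GMT

Certificate Name : cert1
Signature : Self-signed
Expiration : Aug 3 18:31:37 2022 GMT

Certificate Name : cert2
Signature : Request not signed
Expiration : No expiration date is set before certificate is signed.
"""

def parse_certs(text):
    """Return one dict per certificate, keyed by field label."""
    certs = []
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep and key.strip() == "Certificate Name":
            certs.append({})          # a new certificate record starts here
        if sep and certs:
            certs[-1][key.strip()] = value.strip()
    return certs

def audit(cert, now, warn_days=30):
    """List reasons to review a certificate before selecting it (hypothetical policy)."""
    sig = cert.get("Signature", "")
    if sig == "Request not signed":
        return ["unsigned CSR"]       # no expiration exists until the CSR is signed
    findings = ["self-signed"] if sig == "Self-signed" else []
    try:
        exp = datetime.strptime(cert.get("Expiration", ""), "%b %d %H:%M:%S %Y GMT")
    except ValueError:
        return findings + ["unparseable expiration"]
    exp = exp.replace(tzinfo=timezone.utc)
    if exp <= now:
        findings.append("expired")
    elif exp - now <= timedelta(days=warn_days):
        findings.append(f"expires within {warn_days} days")
    return findings

def report(text, now):
    return {c["Certificate Name"]: audit(c, now) for c in parse_certs(text)}
```

Calling report(SAMPLE, datetime.now(timezone.utc)) returns a mapping from certificate name to its list of findings; an empty list means nothing was flagged.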