protocol ssl server-cert name change generate-cert
Imports an SSL certificate and key together.
Syntax
[no] protocol ssl server-cert name <server-cert-name> change generate-cert [rsa] [key-size {512|1024|2048}] [common-name <string>] [country <string>] | [email <email-address>] | [locality <string>] [org <string>] [org-unit <string>] [state <string>] [valid-days <int>] [non-exportable]
Parameters
<server-cert-name> | Server certificate name. |
rsa | Specifies RSA encryption. |
key-size | Specifies the key size: 512, 1024, 2048 |
common-name <string> | Specifies the certificate common name. |
country <string> | Specifies the certificate 2-letter country code. |
email <email-address> | Specifies the email address of the contact person. |
locality <string> | Specifies the city. |
org <string> | Specifies the organization. |
org-unit <string> | Specifies the organization name (for example, the company). |
state <string> | Specifies the state. You cannot use abbreviations. |
valid-days <int> | Specifies how many days the certificate is valid. If you omit valid-days, the default is 2 years. |
non-exportable | Makes the private key for server certificates non-exportable. If enabled, the SteelHead will never include this certificate as a part of its bulk-export (or allow this certificate to be individually exportable). The certificate will still be pushed out as a part of a SCC resync. |
Usage
When you configure the back-end server proxy certificate and key on the server-side SteelHead, if you choose not to use the actual certificate for the back-end server and key, you can use a self-signed certificate and key or another CA-signed certificate and key. If you have a CA-signed certificate and key, import it.
If you do not have a CA-signed certificate and key, you can add the proxy server configuration with a self-signed certificate and key, back up the private key, generate CSR, have it signed by a CA, and import the newly CA-signed certificate and the backed up private key.
For detailed information, see the Management Console online help or the SteelHead Management Console User’s Guide.
The no command option disables this feature.
Example
amnesiac (config) # protocol ssl server-cert name example change generate-cert rsa common-name Company-Wide country US email root@company.com key-size 2048 locality en valid-days 360 generate-csr common-name Company-Wide country USA email root@company.com locality en org Company org-unit all state California
Product
SteelHead CX, SteelHead EX, SteelHead-v, SteelHead-c
Related Commands