sys crypto cert-order-manager
sys crypto cert-order-manager(1) BIG-IP TMSH Manual sys crypto cert-order-manager(1)
NAME
cert-order-manager - Certificate order manager on the BIG-IP(r) system.
MODULE
sys crypto
SYNTAX
A cert-order-manager Manages the collection of Certificate Authority (CA) requirements for making certificate orders using
the syntax given in the following sections.
CREATE/MODIFY
create cert-order-manager [name]
modify cert-order-manager [name]
options:
app-service [[string] | none]
additional-headers [[string] | none]
authority [comodo | digicert | godaddy | symantec]
auto-renew [yes | no]
base-url [URL | none]
ca-cert [certificate file object]
client-cert [certificate file object | none]
client-key [certificate key file object | none]
client-key-passphrase [[string] | none]
edit-order-info
internal-proxy [internal proxy object]
login-name [[string] | none]
login-password [[string] | none]
order-info [string]
validity-days [days | none]
LIST
list cert-order-manager [name]
DELETE
delete cert-order-manager [name]
DESCRIPTION
cert-order-manager A component holds the Certificate Authority's (CA) specific requirements for making certificate orders.
The user needs to select a CA from the supported list, configure the necessary authentication information, and order the
information specific to the selected CA.
EXAMPLES
create sys crypto cert-order-manager certmgr authority comodo login-name cert-admin@myorg.com login-password default ca-
cert ca-bundle.crt internal-proxy iproxy-caapi additional-headers "customerUri:myorg-auto-poc" order-info "{ orgId 5678
serverType -1 certType 136 }"
Creates a certificate order manager certmgr for certificate authority comodo. For CA account login authentication username
cert-admin@myorg.com and password default is used. ca-bundle.crt is used for authenticating a TLS connection to a CA server
and validating the certificate issued by the CA. customerUri:myorg-auto-poc provides customer Uri issued by comodo for the
certificate requesting organization. In order info { orgId 5678 serverType -1 certType 136 } organization identity orgId
5678 is provided by comodo, and certType 136 is the certificate product type offered by comodo for the organization.
list sys crypto cert-order-manager certmgr
Shows all the properties of the cert-order-manager certmgr.
delete sys crypto cert-order-manager certmgr
Deletes the cert-order-manager certmgr from the system.
OPTIONS
additional-headers
Specifies additional headers required for the certificate authority with expected format "key:value,...". For example:
(comodo) "customerUri:mycomp-auto-poc"
authority
Specifies a certificate authority.
auto-renew
Enable/Disable the certificate automatic renewals. By default, the automatic certificate renewal is enabled.
base-url
Specifies the base-url for reaching the CA. This is an optional field which gets populated with default values for a
specific certificate authority.
ca-cert
Specifies the CA certificate to be used for authenticating the TLS connection with the CA server. ca-cert is also used
for validating an issued certificate from CA before accepting into the system.
client-cert
Specifies the client authentication certificate used for accessing the CA account. This is a required field for
certain CA accounts.
client-key
Specifies the client authentication key used for accessing the CA account. This is a required field for certain CA
accounts.
client-key-passphrase
Specifies the optional key passpharse required for decrypting the client-key.
edit-order-info
Provides an editor for creating and modifying the order-info configuration. This should be the last property since
selecting save and exit from the editor automatically submits the configuration.
internal-proxy
Specifies the internal proxy object that should be used for reaching the CA server.
login-name
Specifies the login name for accessing the CA account. This is a required field for certain CA accounts.
login-password
Specifies the login password for accessing the CA account. This is a required field for certain CA accounts.
order-info
Specifies a string containing necessary information for making certificate orders with CA. Format and fields of order-
info varies with the CA.
validity-days
Specifies certificate validity in days. The default value is 365 days.
SEE ALSO
create, list, modify, delete, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2018. All rights reserved.
BIG-IP 2018-12-06 sys crypto cert-order-manager(1)