sys crypto csr¶

sys crypto csr(1) BIG-IP TMSH Manual sys crypto csr(1)

NAME
csr - Manage cryptographic certificate signing requests on the BIG-IP(r) system.

MODULE
sys crypto

SYNTAX
Manage cryptographic CSRs using the syntax in the following section.

CREATE
create csr [name]
options:
admin-email-address [string]
basic-constraints [string]
challenge-password [string]
city [string]
common-name [string]
consumer
[enterprise-manager | iquery | iquery-big3d | ltm | webserver]
country [string]
email-address [string]
key [string]
key-usage [string]
organization [string]
ou [string]
state [string]
subject-alternative-name [string]

SHOW
show csr

LIST
list csr [name]

DELETE
delete csr [name]

DESCRIPTION
You can use the csr component to create, show, list and delete cryptographic certificate signing requests.

EXAMPLES
create csr example key testkey.key common-name "My Company Inc." country "US" challenge-password "abcd"

Generates a certificate signing request named "example.csr" with provided common-name, country and challenge-password
attributes. A key with the specified name "testkey.key" in this case must be installed on the system in order for this
operation to succeed. The csr extension (".csr") will be appended to the created csr name if it is not already provided in
the name.

create csr /myfolder/example key testkey.key common-name "My Company Inc." country "US" challenge-password "abcd"

Similar to above, but creates the csr "example.csr" in the folder "/myfolder" instead of the default "/Common". The
specified folder "/myfolder" must already exist in order for this operation to succeed.

create csr server2 key server2.key common-name "My Company Inc." country "US" consumer webserver

Generates a certificate signing request named "server2.csr". The consumer attribute, "webserver", is used to cause the
files to be placed directly in the path which can be found by the BIG-IP system httpd. A pre-existing key named
"server2.key" must exist in the web server's key path in order for this operation to succeed.

show csr

Shows the number of certificate signing requests installed in the system.

list csr example.csr

Lists all details of the certificate signing request "example.csr". A csr with the specified name "example.csr" in this
case must already be installed on the system in order for this operation to succeed. Because only one certificate signing
request name is specified in the list command, it will also display the contents of the certificate signing request file.

list csr example1.csr example2.csr

Lists all details of the certificate signing requests "example1.csr" and "example2.csr". Because more than one certificate
signing request name is specified in the list command, it will not display the contents of the certificate signing request
files.

list csr

Lists details of all certificate signing requests that are configured in the system. This command does not display the
contents of the certificate signing request files.

delete csr example.csr

Deletes the certificate signing request "example.csr" from the system.

OPTIONS
admin-email-address
Specifies the administrator email-address to be used in creation of the certificate signing request.

basic-constraints
Specifies standard X.509 basic constraints extension as shown in RFC 2459 to be used in creation of the certificate
signing request. Examples are : critical,CA:true or critical,CA:true,pathlen:0 or critical,CA:true,pathlen:1.

key-usage
Specifies standard X.509 key usage extension as shown in RFC 2459 to be used in creation of the certificate signing
request. Examples are : critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement,
keyCertSign, cRLSign, encipherOnly, decipherOnly.

challenge-password
Specifies the PKCS#9 challenge-password field to be used in creation of the certificate signing request.

city Specifies the x509 city field to be used in creation of the certificate signing request.

common-name
Specifies the x509 common-name to be used in creation of the certificate signing request.

consumer
Specifies the system component by which a certificate signing request will be consumed. The default behavior is to
create file-objects for use by ltm components. This is the same as specifying "ltm" for this property. If a component
other than "ltm" is specified then files will be installed/created in locations where the specified components can
find them. For example, for component "webserver", certificate signing requests will be placed in the webservers ssl
directories.

country
Specifies the x509 country to be used in creation of the certificate signing request. The country must be a 2 letter
country code.

email-address
Specifies the x509 email-address to be used in creation of the certificate signing request.

key Specifies a key from which a certificate signing request should be generated when using the create command.

organization
Specifies the x509 organization to be used in creation of the certificate signing request.

ou Specifies the x509 organizational unit to be used in creation of the certificate signing request.

state
Specifies the x509 state or province to be used in creation of the certificate signing request.

subject-alternative-name
Specifies standard X.509 subject alternative extensions as shown in RFC 2459 to be used in creation of the certificate
signing request. Examples of allowed types are : DNS:example.com, IP:192.168.1.1, IP:12:34, email:user@example.com,
URI:http://www.example.com

SEE ALSO
create, show, list, delete, tmsh

COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.

BIG-IP 2020-10-27 sys crypto csr(1)