sys crypto csr
sys crypto csr(1) BIG-IP TMSH Manual sys crypto csr(1)
NAME
csr - Manage cryptographic certificate signing requests on the
BIG-IP(r) system.
MODULE
sys crypto
SYNTAX
Manage cryptographic CSRs using the syntax in the following section.
CREATE
create csr [name]
options:
challenge-password [string]
admin-email-address [string]
city [string]
common-name [string]
consumer
[enterprise-manager | iquery | iquery-big3d | ltm | webserver]
country [string]
email-address [string]
key [string]
organization [string]
ou [string]
state [string]
subject-alternative-name [string]
SHOW
show csr
LIST
list csr [name]
DELETE
delete csr [name]
DESCRIPTION
You can use the csr component to create, show, list and delete
cryptographic certificate signing requests.
EXAMPLES
create csr example key testkey.key common-name "My Company Inc."
country "US" challenge-password "abcd"
Generates a certificate signing request named "example.csr" with
provided common-name, country and challenge-password attributes. A key
with the specified name "testkey.key" in this case must be installed on
the system in order for this operation to succeed. The csr extension
(".csr") will be appended to the created csr name if it is not already
provided in the name.
create csr /myfolder/example key testkey.key common-name "My Company
Inc." country "US" challenge-password "abcd"
Similar to above, but creates the csr "example.csr" in the folder
"/myfolder" instead of the default "/Common". The specified folder
"/myfolder" must already exist in order for this operation to succeed.
create csr server2 key server2.key common-name "My Company Inc."
country "US" consumer webserver
Generates a certificate signing request named "server2.csr". The
consumer attribute, "webserver", is used to cause the files to be
placed directly in the path which can be found by the BIG-IP system
httpd. A pre-existing key named "server2.key" must exist in the web
server's key path in order for this operation to succeed.
show csr
Shows the number of certificate signing requests installed in the
system.
list csr example.csr
Lists all details of the certificate signing request "example.csr". A
csr with the specified name "example.csr" in this case must already be
installed on the system in order for this operation to succeed. Because
only one certificate signing request name is specified in the list
command, it will also display the contents of the certificate signing
request file.
list csr example1.csr example2.csr
Lists all details of the certificate signing requests "example1.csr"
and "example2.csr". Because more than one certificate signing request
name is specified in the list command, it will not display the contents
of the certificate signing request files.
list csr
Lists details of all certificate signing requests that are configured
in the system. This command does not display the contents of the
certificate signing request files.
delete csr example.csr
Deletes the certificate signing request "example.csr" from the system.
OPTIONS
challenge-password
Specifies the PKCS#9 challenge-password field to be used in
creation of the certificate signing request.
admin-email-address
Specifies the administrator email-address to be used in creation
of the certificate signing request.
city Specifies the x509 city field to be used in creation of the
certificate signing request.
common-name
Specifies the x509 common-name to be used in creation of the
certificate signing request.
consumer
Specifies the system component by which a certificate signing
request will be consumed. The default behavior is to create file-
objects for use by ltm components. This is the same as specifying
"ltm" for this property. If a component other than "ltm" is
specified then files will be installed/created in locations where
the specified components can find them. For example, for component
"webserver", certificate signing requests will be placed in the
webservers ssl directories.
country
Specifies the x509 country to be used in creation of the
certificate signing request. The country must be a 2 letter
country code.
email-address
Specifies the x509 email-address to be used in creation of the
certificate signing request.
key Specifies a key from which a certificate signing request should be
generated when using the create command.
organization
Specifies the x509 organization to be used in creation of the
certificate signing request.
ou Specifies the x509 organizational unit to be used in creation of
the certificate signing request.
state
Specifies the x509 state or province to be used in creation of the
certificate signing request.
subject-alternative-name
Specifies standard X.509 subject alternative extensions as shown
in RFC 2459 to be used in creation of the certificate signing
request. Examples of allowed types are : DNS:example.com,
IP:192.168.1.1, IP:12:34, email:user@example.com,
URI:http://www.example.com
SEE ALSO
create, show, list, delete, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2013-2015. All rights reserved.
BIG-IP 2016-07-20 sys crypto csr(1)