sys crypto cert-order-manager
sys crypto cert-order-manager(BIG-IP TMSH Manusys crypto cert-order-manager(1)
NAME
cert-order-manager - Certificate order manager on the BIG-IP(r) system.
MODULE
sys crypto
SYNTAX
A cert-order-manager Manages the collection of Certificate Authority
(CA) requirements for making certificate orders using the syntax given
in the following sections.
CREATE/MODIFY
create cert-order-manager [name]
modify cert-order-manager [name]
options:
app-service [[string] | none]
additional-headers [[string] | none]
authority [comodo | symantec]
auto-renew [yes | no]
base-url [URL | none]
ca-cert [certificate file object]
client-cert [certificate file object | none]
client-key [certificate key file object | none]
client-key-passphrase [[string] | none]
edit-order-info
internal-proxy [internal proxy object]
login-name [[string] | none]
login-password [[string] | none]
order-info [string]
validity-days [days | none]
LIST
list cert-order-manager [name]
DELETE
delete cert-order-manager [name]
DESCRIPTION
cert-order-manager A component holds the Certificate Authority's (CA)
specific requirements for making certificate orders. The user needs to
select a CA from the supported list, configure the necessary
authentication information, and order the information specific to the
selected CA.
EXAMPLES
create sys crypto cert-order-manager certmgr authority comodo login-
name cert-admin@myorg.com login-password default ca-cert ca-bundle.crt
internal-proxy iproxy-caapi additional-headers
"customerUri:myorg-auto-poc" order-info "{ orgId 5678 serverType -1
certType 136 }"
Creates a certificate order manager certmgr for certificate authority
comodo. For CA account login authentication username
cert-admin@myorg.com and password default is used. ca-bundle.crt is
used for authenticating a TLS connection to a CA server and validating
the certificate issued by the CA. customerUri:myorg-auto-poc provides
customer Uri issued by comodo for the certificate requesting
organization. In order info { orgId 5678 serverType -1 certType 136 }
organization identity orgId 5678 is provided by comodo, and certType
136 is the certificate product type offered by comodo for the
organization.
list sys crypto cert-order-manager certmgr
Shows all the properties of the cert-order-manager certmgr.
delete sys crypto cert-order-manager certmgr
Deletes the cert-order-manager certmgr from the system.
OPTIONS
additional-headers
Specifies additional headers required for the certificate
authority with expected format "key:value,...". For example:
(comodo) "customerUri:mycomp-auto-poc"
authority
Specifies a certificate authority.
auto-renew
Enable/Disable the certificate automatic renewals. By default, the
automatic certificate renewal is enabled.
base-url
Specifies the base-url for reaching the CA. This is an optional
field which gets populated with default values for a specific
certificate authority.
ca-cert
Specifies the CA certificate to be used for authenticating the TLS
connection with the CA server. ca-cert is also used for validating
an issued certificate from CA before accepting into the system.
client-cert
Specifies the client authentication certificate used for accessing
the CA account. This is a required field for certain CA accounts.
client-key
Specifies the client authentication key used for accessing the CA
account. This is a required field for certain CA accounts.
client-key-passphrase
Specifies the optional key passpharse required for decrypting the
client-key.
edit-order-info
Provides an editor for creating and modifying the order-info
configuration. This should be the last property since selecting
save and exit from the editor automatically submits the
configuration.
internal-proxy
Specifies the internal proxy object that should be used for
reaching the CA server.
login-name
Specifies the login name for accessing the CA account. This is a
required field for certain CA accounts.
login-password
Specifies the login password for accessing the CA account. This is
a required field for certain CA accounts.
order-info
Specifies a string containing necessary information for making
certificate orders with CA. Format and fields of order-info varies
with the CA.
validity-days
Specifies certificate validity in days. The default value is 365
days.
SEE ALSO
create, list, modify, delete, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2018. All rights reserved.
BIG-IP 2018-07-18 sys crypto cert-order-manager(1)