sys crypto cert-order-managerΒΆ

sys crypto cert-order-manager(BIG-IP TMSH Manusys crypto cert-order-manager(1)



NAME
       cert-order-manager - Certificate order manager on the BIG-IP(r) system.

MODULE
       sys crypto

SYNTAX
       A cert-order-manager Manages the collection of Certificate Authority
       (CA) requirements for making certificate orders using the syntax given
       in the following sections.

   CREATE/MODIFY
	 create cert-order-manager [name]
	 modify cert-order-manager [name]
	   options:
	     app-service [[string] | none]
	     additional-headers [[string] | none]
	     authority [comodo | symantec]
	     auto-renew [yes | no]
	     base-url [URL | none]
	     ca-cert [certificate file object]
	     client-cert [certificate file object | none]
	     client-key [certificate key file object | none]
	     client-key-passphrase [[string] | none]
	     edit-order-info
	     internal-proxy [internal proxy object]
	     login-name [[string] | none]
	     login-password [[string] | none]
	     order-info [string]
	     validity-days [days | none]

   LIST
	 list cert-order-manager [name]

   DELETE
	 delete cert-order-manager [name]

DESCRIPTION
       cert-order-manager A component holds the Certificate Authority's (CA)
       specific requirements for making certificate orders. The user needs to
       select a CA from the supported list, configure the necessary
       authentication information, and order the information specific to the
       selected CA.

EXAMPLES
       create sys crypto cert-order-manager certmgr authority comodo login-
       name cert-admin@myorg.com login-password default ca-cert ca-bundle.crt
       internal-proxy iproxy-caapi additional-headers
       "customerUri:myorg-auto-poc" order-info "{ orgId 5678 serverType -1
       certType 136 }"

       Creates a certificate order manager certmgr for certificate authority
       comodo. For CA account login authentication username
       cert-admin@myorg.com and password default is used. ca-bundle.crt is
       used for authenticating a TLS connection to a CA server and validating
       the certificate issued by the CA. customerUri:myorg-auto-poc provides
       customer Uri issued by comodo for the certificate requesting
       organization. In order info { orgId 5678 serverType -1 certType 136 }
       organization identity orgId 5678 is provided by comodo, and certType
       136 is the certificate product type offered by comodo for the
       organization.

       list sys crypto cert-order-manager certmgr

       Shows all the properties of the cert-order-manager certmgr.

       delete sys crypto cert-order-manager certmgr

       Deletes the cert-order-manager certmgr from the system.

OPTIONS
       additional-headers
	    Specifies additional headers required for the certificate
	    authority with expected format "key:value,...". For example:
	    (comodo) "customerUri:mycomp-auto-poc"

       authority
	    Specifies a certificate authority.

       auto-renew
	    Enable/Disable the certificate automatic renewals. By default, the
	    automatic certificate renewal is enabled.

       base-url
	    Specifies the base-url for reaching the CA. This is an optional
	    field which gets populated with default values for a specific
	    certificate authority.

       ca-cert
	    Specifies the CA certificate to be used for authenticating the TLS
	    connection with the CA server. ca-cert is also used for validating
	    an issued certificate from CA before accepting into the system.

       client-cert
	    Specifies the client authentication certificate used for accessing
	    the CA account. This is a required field for certain CA accounts.

       client-key
	    Specifies the client authentication key used for accessing the CA
	    account. This is a required field for certain CA accounts.

       client-key-passphrase
	    Specifies the optional key passpharse required for decrypting the
	    client-key.

       edit-order-info
	    Provides an editor for creating and modifying the order-info
	    configuration. This should be the last property since selecting
	    save and exit from the editor automatically submits the
	    configuration.

       internal-proxy
	    Specifies the internal proxy object that should be used for
	    reaching the CA server.

       login-name
	    Specifies the login name for accessing the CA account. This is a
	    required field for certain CA accounts.

       login-password
	    Specifies the login password for accessing the CA account. This is
	    a required field for certain CA accounts.

       order-info
	    Specifies a string containing necessary information for making
	    certificate orders with CA. Format and fields of order-info varies
	    with the CA.

       validity-days
	    Specifies certificate validity in days. The default value is 365
	    days.

SEE ALSO
       create, list, modify, delete, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2018. All rights reserved.



BIG-IP				  2018-07-18  sys crypto cert-order-manager(1)