Table Of Contents
CSR Parameters Configuration Mode Commands
(config-csr-params) common-name
(config-csr-params) country-name
(config-csr-params) email
(config-csr-params) locality
(config-csr-params) organization-name
(config-csr-params) organization-unit
(config-csr-params) serial-number
(config-csr-params) state
CSR Parameters Configuration Mode Commands
CSR parameters configuration mode commands allow you to define the distinguished name attributes for a CSR (Certificate Signing Request) parameter set. The ACE applies the CSR parameter set attributes during the CSR-generating process. The distinguished name attributes provide the Certificate Authority (CA) with the information it needs to authenticate your site. The CA then applies the information you provide in the CSR parameter set to your SSL certificate. Creating a CSR parameter set allows you to generate multiple CSRs with the same distinguished name attributes.
To create a new CSR parameter set (or modify an existing CSR parameter set) and access the CSR parameters configuration mode, use the crypto csr-params command. The CLI prompt changes to (config-csr-params). Use the no form of this command to remove an existing CSR parameter set.
crypto csr-params csr_param_name
no crypto csr-params csr_param_name
Syntax Description
csr_param_name | Name that designates a CSR parameter set. Enter the CSR parameter set name as an alphanumeric string from 1 to 64 characters in length.
Command Modes
Configuration mode
Admin and user contexts
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The commands in this mode require the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
When you specify a CSR parameter set, you define the following distinguished name attributes:
• Common name—See the (config-csr-params) common-name command. This is a required distinguished name attribute.
• Country name—See the (config-csr-params) country-name command. This is a required distinguished name attribute.
• Email address—See the (config-csr-params) email command.
• Locality—See the (config-csr-params) locality command.
• Organization name (certificate subject)—See the (config-csr-params) organization-name command.
• Organization unit—See the (config-csr-params) organization-unit command.
• Serial number—See the (config-csr-params) serial-number command. This is a required distinguished name attribute.
• State—See the (config-csr-params) state command. This is a required distinguished name attribute.
If you do not define the required distinguished name attributes, the ACE displays an error message when you attempt to generate a CSR using the CSR parameter set.
You can create up to eight CSR parameter sets per context.
To generate a Certificate Signing Request (CSR) file using the CSR parameter set, use the crypto generate csr command in the Exec mode.
Examples
To create the CSR parameter set CSR_PARAMS_1, enter:
host1/Admin(config)# crypto csr-params CSR_PARAMS_1
host1/Admin(config-csr-params)#
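The following pre-flight check is an added example, not Cisco code: it parses `crypto csr-params` blocks from saved configuration text and reports the missing required attributes and length violations that this page documents, before you attempt to generate a CSR. The function names and the indented block layout are assumptions, and `country-name` is accepted alongside `country` because this page shows both spellings.

```python
import re

# attribute: (required, max length), per this page's Syntax Description entries.
RULES = {
    "common-name": (True, 64), "country": (True, 2), "state": (True, 40),
    "serial-number": (True, 16), "email": (False, 40), "locality": (False, 40),
    "organization-name": (False, 64), "organization-unit": (False, 64),
}
ALIASES = {"country-name": "country"}  # the page shows both spellings

def parse_csr_params(config_text):
    """Map each indented 'crypto csr-params' block to {attribute: value}."""
    sets, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"crypto csr-params (\S+)", line)
        if header:
            current = sets.setdefault(header.group(1), {})
        elif current is not None and raw[:1].isspace() and line:
            key, _, value = line.partition(" ")
            current[ALIASES.get(key, key)] = value.strip()
        else:
            current = None  # blank or unindented line ends the block
    return sets

def lint(config_text):
    """List problems that block CSR generation or break a documented limit."""
    problems = []
    for name, attrs in parse_csr_params(config_text).items():
        for attr, (required, limit) in RULES.items():
            value = attrs.get(attr)
            if value is None and required:
                problems.append(f"{name}: missing required {attr}")
            elif value is not None and not 1 <= len(value) <= limit:
                problems.append(f"{name}: {attr} must be 1 to {limit} characters")
        if " " in attrs.get("state", ""):
            problems.append(f"{name}: state must not contain spaces")
    return problems

# Constructed sample input (not device output); the indented layout is assumed.
SAMPLE = """\
crypto csr-params CSR_PARAMS_1
  common-name WWW.ABC123.COM
  country US
  state GA
  serial-number 1001
crypto csr-params CSR_PARAMS_2
  country-name USA
  state NEW YORK
"""
```

Calling `lint(SAMPLE)` returns four findings, all for CSR_PARAMS_2; CSR_PARAMS_1 defines every required attribute within its limit.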
Related Commands
crypto generate csr
(config-csr-params) common-name
(config-csr-params) country-name
(config-csr-params) email
(config-csr-params) locality
(config-csr-params) organization-name
(config-csr-params) organization-unit
(config-csr-params) serial-number
(config-csr-params) state
(config-csr-params) common-name
To define the common name parameter in the CSR parameter set, use the common-name command. Use the no form of the command to delete an existing common name from the CSR parameter set.
common-name name
no common-name
Syntax Description
name | Name that designates the common name in a CSR parameter set. Enter the common name as an alphanumeric string from 1 to 64 characters in length.
Command Modes
CSR parameters configuration mode
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The common name is a required distinguished name attribute. If you do not configure this attribute (and all other required attributes), the ACE displays an error message when you try to generate a CSR using the CSR parameter set.
The common name should be the domain name or individual host name of the SSL site.
Examples
To specify the common name WWW.ABC123.COM, enter:
host1/Admin(config-csr-params)# common-name WWW.ABC123.COM
Related Commands
(config) crypto csr-params
(config-csr-params) country-name
(config-csr-params) email
(config-csr-params) locality
(config-csr-params) organization-name
(config-csr-params) organization-unit
(config-csr-params) serial-number
(config-csr-params) state
(config-csr-params) country-name
To define the country name parameter in the CSR parameter set, use the country command. Use the no form of the command to delete an existing country name from the CSR parameter set.
country name
no country
Syntax Description
name | Name of the country where the SSL site resides. Enter the country name as an alphanumeric string from 1 to 2 characters in length.
Command Modes
CSR parameters configuration mode
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The country name is a required distinguished name attribute. If you do not configure this attribute (and all other required attributes), the ACE displays an error message when you try to generate a CSR using the CSR parameter set.
Examples
To specify the country US (United States), enter:
host1/Admin(config-csr-params)# country-name US
Related Commands
(config) crypto csr-params
(config-csr-params) common-name
(config-csr-params) email
(config-csr-params) locality
(config-csr-params) organization-name
(config-csr-params) organization-unit
(config-csr-params) serial-number
(config-csr-params) state
(config-csr-params) email
To define the email address parameter in the CSR parameter set, use the email command. Use the no form of the command to delete an existing email address from the CSR parameter set.
email address
no email
Syntax Description
address | Address that designates the site email address in a CSR parameter set. Enter the email address as an alphanumeric string from 1 to 40 characters in length.
Command Modes
CSR parameters configuration mode
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The email address is an optional distinguished name attribute.
Examples
To specify the email address WEBADMIN@ABC123.COM, enter:
host1/Admin(config-csr-params)# email WEBADMIN@ABC123.COM
Related Commands
(config) crypto csr-params
(config-csr-params) common-name
(config-csr-params) country-name
(config-csr-params) locality
(config-csr-params) organization-name
(config-csr-params) organization-unit
(config-csr-params) serial-number
(config-csr-params) state
(config-csr-params) locality
To define the locality name parameter in the CSR parameter set, use the locality command. Use the no form of the command to delete an existing locality from the CSR parameter set.
locality name
no locality
Syntax Description
name | Name that designates the locality (a county, for example) in a CSR parameter set. Enter the locality name as an alphanumeric string from 1 to 40 characters in length.
Command Modes
CSR parameters configuration mode
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The locality name is an optional distinguished name attribute.
Examples
To specify the locality ATHENS, enter:
host1/Admin(config-csr-params)# locality ATHENS
Related Commands
(config) crypto csr-params
(config-csr-params) common-name
(config-csr-params) country-name
(config-csr-params) email
(config-csr-params) organization-name
(config-csr-params) organization-unit
(config-csr-params) serial-number
(config-csr-params) state
(config-csr-params) organization-name
To define the organization name parameter in the CSR parameter set, use the organization-name command. Use the no form of the command to delete an existing organization name from the CSR parameter set.
organization-name name
no organization-name
Syntax Description
name | Name that designates the organization in a CSR parameter set. Enter the organization name as an alphanumeric string from 1 to 64 characters in length.
Command Modes
CSR parameters configuration mode
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The organization name is an optional distinguished name attribute.
Examples
To specify the organization ABC123 SYSTEMS INC, enter:
host1/Admin(config-csr-params)# organization-name ABC123 SYSTEMS INC
Related Commands
(config) crypto csr-params
(config-csr-params) common-name
(config-csr-params) country-name
(config-csr-params) email
(config-csr-params) locality
(config-csr-params) organization-unit
(config-csr-params) serial-number
(config-csr-params) state
(config-csr-params) organization-unit
To define the organization unit parameter in the CSR parameter set, use the organization-unit command. Use the no form of the command to delete an existing organization unit from the CSR parameter set.
organization-unit unit
no organization-unit
Syntax Description
unit | Name that designates the unit (within an organization) in a CSR configuration file. Enter the organization unit as an alphanumeric string from 1 to 64 characters in length.
Command Modes
CSR parameters configuration mode
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The organization unit is an optional distinguished name attribute.
Examples
To specify the organization unit SSL ACCELERATOR, enter:
host1/Admin(config-csr-params)# organization-unit SSL ACCELERATOR
Related Commands
(config) crypto csr-params
(config-csr-params) common-name
(config-csr-params) country-name
(config-csr-params) email
(config-csr-params) locality
(config-csr-params) organization-name
(config-csr-params) serial-number
(config-csr-params) state
(config-csr-params) serial-number
To define the serial number parameter in the CSR parameter set, use the serial-number command. Use the no form of the command to delete an existing serial number from the CSR parameter set.
serial-number number
no serial-number
Syntax Description
number | Number that designates the serial number in a CSR parameter set. Enter the serial number as an alphanumeric string from 1 to 16 characters in length.
Command Modes
CSR parameters configuration mode
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The serial number is a required distinguished name attribute. If you do not configure this attribute (and all other required attributes), the ACE displays an error message when you try to generate a CSR using the CSR parameter set.
The CA may choose to overwrite the serial number that you provide with their own serial number.
Examples
To specify the serial number 1001, enter:
host1/Admin(config-csr-params)# serial-number 1001
Related Commands
(config) crypto csr-params
(config-csr-params) common-name
(config-csr-params) country-name
(config-csr-params) email
(config-csr-params) locality
(config-csr-params) organization-name
(config-csr-params) organization-unit
(config-csr-params) state
(config-csr-params) state
To define the state name parameter in the CSR parameter set, use the state command. Use the no form of the command to delete an existing state name from the CSR parameter set.
state name
no state
Syntax Description
name | Name that designates the state or province in a CSR configuration file. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.
Command Modes
CSR parameters configuration mode
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
The state name is a required distinguished name attribute. If you do not configure this attribute (and all other required attributes), the ACE displays an error message when you try to generate a CSR using the CSR parameter set.
Examples
To specify the state GA (Georgia), enter:
host1/Admin(config-csr-params)# state GA
Related Commands
(config) crypto csr-params
(config-csr-params) common-name
(config-csr-params) country-name
(config-csr-params) email
(config-csr-params) locality
(config-csr-params) organization-name
(config-csr-params) organization-unit
(config-csr-params) serial-number