ORBEM Configuration Mode Commands

The ORBEM Configuration Mode is used to manage the Object Request Broker Element Manager (ORBEM) server options for the current context.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

activate

Activates/deactivates a Common Object Request Broker Architecture (CORBA) client for the ORBEM interface.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
active client id
no active client id

no

Indicates the client specified is to be deactivated. When omitted, the client is activated.

id name

Specifies the client to be activated. name must refer to a previously configured client expressed as an alphanumeric string of 1 through 10 characters.


Usage:

Activates CORBA clients after they have been configured or deactivated by the system or by configuration.


Example:
active client wem
no active client wem

client

Configures/removes a CORBA client from the ORB element manager system interface.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
client id name [ encrypted ] password pwd
no client id name

no

Indicates the client specified is to be removed from the configuration.

id name

Specifies the client to be configured. name must be an alphanumeric string of 1 through 10 characters.

encrypted

Indicates password specified is encrypted.

The encrypted keyword is intended only for use by the chassis while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the password keyword is the encrypted version of the plain text password. Only the encrypted password is saved as part of the configuration file.

password pwd

Specifies the password for the CORBA client. pwd must be an alphanumeric string of 1 through 35 characters.


Usage:

ORBEM clients must be configured prior to being activated.


Example:
The following commands set the password for client wem specifying a plain text password and an encrypted password as well.
client id wem password wem1001
client id wem encrypted password f54gj801sd
The following deletes wem from the configuration.
no client id wem

default

Restores the system default values for the option specified.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
default { event-notif-iiop-port | event-notif-service filter | event-notif-siop-port | iiop-port | iop-address | max-attempt | session-timeout | siop-port }

event-notif-iiop-port

Restores the port number for the inter-ORB event notifications to the system default: 7778.

event-notif-service filter

Restores the ORB Notification Service filter to its default behavior of sending all “error” level and higher events, and “info” level events for the orbs facility, CLI command logs, and license change logs.

event-notif-siop-port

Restores the port to use for secure socket layer inter-ORB event communication to the system default: 7777.

iiop-port

Restores the port number for inter-ORB communications to the system default: 14132.

iop-address

Restores the IP address for inter-ORB communications to the system default: IP address of current context.

max-attempt

Restores the maximum number of failed login attempts after which the client is deactivated to the system default: 3 attempts.

session-timeout

Restores the amount of idle time (no activity) before a session is terminated to the system default: 300 seconds.

siop-port

Restores the secure socket layer I/O port for inter-ORB events to the system default: 14131.


Usage:

Restore the ORB element manager options to well-known values: the system defaults.


Example:
default event-notif-iiop-port
default max-attempt

end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

event-notif-iiop-port

Configures the port number for Internet inter-ORB event notifications.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
event-notif-iiop-port number
number

Default: 7778

Specifies the port number to use as an integer from 1 through 65535.


Usage:

Explicitly set the port number when the default port number is not the desired port value for integrating multiple products together for standardized inter-ORB communications.

The configured event notification port is used only if the Internet inter-ORB transport is enabled via the iiop-transport command and the event notification service is enabled as well.


Example:
event-notif-iiop-port 25466

event-notif-service

Enables or disables the ORB Notification Service and allows the configuration of filters dictating which event notifications are sent.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] event-notif-service [ filter { event-id event_id [ to  final_event_id ] | facility event_facility level event_level } ]
no

Disables the event notification service.

filter

Specifies a filter that determines for which events the system sends notifications.

event-id event_id [ to final_event_id ]

Specifies an event filter based on event identification (event ID) number.

event_id is a specific event ID to filter or is the initial event ID in range if the to keyword is used. It can be configured to an integer from 1 through 100000.

to allows the specification of a range of event IDs to filter. When used, final_event_id specifies the last event ID in the range to be filtered. It can be configured to an integer from 1 through 100000, but must be a value greater than the initial event ID.

facility event_facility level event_level

Specifies an event filter based on facility type and notification severity level.

event_facility specifies the facility type and can be any one of the following:

  • a10: A10 interface facility
  • a11: A11 interface facility
  • a11mgr: A11 Manager facility
  • aaa-client: Authentication, Authorization and Accounting (AAA) client facility
  • aaamgr: AAA manager logging facility
  • aaaproxy: AAA Proxy facility
  • aal2: ATM Adaptation Layer 2 (AAL2) protocol logging facility
  • acl-log: Access Control List (ACL) logging facility
  • acsctrl: Active Charging Service (ACS) Controller facility
  • acsmgr: ACS Manager facility
  • alarmctrl: Alarm Controller facility
  • alcap: Access Link Control Application Part (ALCAP) protocol logging facility
  • alcapmgr: ALCAP manager logging facility
  • all: All facilities
  • asngwmgr: Access Service Network (ASN) Gateway Manager facility
  • asnpcmgr: ASN Paging Controller Manager facility
  • bfd: Bidirectional Forwarding Detection (BFD) protocol logging facility
  • bgp: Border Gateway Protocol (BGP) facility
  • bssap+: Base Station Sub-system Application Part+ protocol facility for the login interface between the SGSN and the MSC/VLR (2.5G and 3G)
  • bssgp: Base Station Sub-system GPRS Protocol logging facility handles exchange information between the SGSN and the BSS (2.5G only)
  • callhome: Call Home application logging facility
  • cap: CAMEL Application Part (CAP) logging facility for protocol used in prepaid applications (2.5G and 3G)
  • cli: Command Line Interface (CLI) logging facility
  • credit-control: Credit Control (CC) facility
  • cscf: IMS/MMD Call Session Control Function (CSCF)
  • cscfmgr: SIP CSCF Manager facility
  • cscfnpdb: CSCF Number Portability Database (NPDB) logging facility
  • cscfttmgr: SIP CSCF Tunnel and Transport Manager facility
  • csp: Card/Slot/Port controller facility
  • css: Content Service Selection (CSS) facility
  • css-sig: CSS RADIUS Signaling facility
  • cx-diameter: Cx Diameter Messages facility
  • dcardctrl: IPSec Daughter Card Controller logging facility
  • dcardmgr: IPSec Daughter Card Manager logging facility
  • demuxmgr: Demux Manager API facility
  • dgmbmgr: Diameter Gmb Application Manager logging facility
  • dhcp: Dynamic Host Configuration Protocol (DHCP) logging facility
  • dhcpv6: DHCPv6
  • dhost: Distributed Host logging facility
  • diabase: Diabase messages facility
  • diameter: Diameter endpoint logging facility
  • diameter-acct: Diameter Accounting
  • diameter-auth: Diameter Authentication
  • diameter-dns: Diameter DNS subsystem
  • diameter-ecs: ACS Diameter signaling facility
  • diameter-hdd: Diameter Horizontal Directional Drilling (HDD) Interface facility
  • diameter-svc: Diameter Service
  • diamproxy: DiamProxy logging facility
  • dpath: IPSec Data Path facility
  • drvctrl: Driver Controller facility
  • eap-ipsec: Extensible Authentication Protocol (EAP) IPSec facility
  • eap-sta-s6a-s13-s6b-diameter: EAP/STA/S6A/S13/S6B Diameter messages facility
  • ecs-css: ACSMGR <-> Session Manager Signalling Interface facility
  • egtpc: eGTP-C logging facility
  • egtpmgr: enhanced GPRS Tunneling Protocol (eGTP) manager logging facility
  • egtpu: eGTP-U logging facility
  • epdg: evolved Packet Data (ePDG) gateway logging facility
  • evlog: Event log facility
  • famgr: Foreign Agent manager logging facility
  • firewall: Firewall logging facility
  • fng: Femto Network Gateway (FNG) logging facility
  • gmm: For 2.5G: Logs the GPRS Mobility Management (GMM) layer (above LLC layer) For 3G: Logs the access application layer (above the RANAP layer)
  • gprs-app: GPRS Application logging facility
  • gprs-ns: GPRS Network Service Protocol (layer between SGSN and the BSS) logging facility
  • gq-rx-tx-diameter: Gq/Rx/Tx Diameter messages facility
  • gss-gcdr: GTPP Storage Server GCDR facility
  • gtpc: GTP-C protocol logging facility
  • gtpcmgr: GTP-C protocol manager logging facility
  • gtpp: GTP-prime protocol logging facility
  • gtpu: GTP-U protocol logging facility
  • gtpumgr: GTP-U Demux manager
  • gx-ty-diameter: Gx/Ty Diameter messages facility
  • gy-diameter: Gy Diameter messages facility
  • hamgr: Home Agent manager logging facility
  • hat: High Availability Task (HAT) process facility
  • hdctrl: HD Controller logging facility
  • hnb-gw: HNB-GW (3G Femto GW) logging facility
  • hnbmgr: HNB-GW Demux Manager logging facility
  • hss-peer-service: Home Subscriber Server (HSS) Peer Service facility
  • igmp: Internet Group Management Protocol (IGMP)
  • ikev2: Internet Key Exchange version 2 (IKEv2)
  • ims-authorizatn: IP Multimedia Subsystem (IMS) Authorization Service facility
  • ims-sh: HSS Diameter Sh Interface Service facility
  • imsimgr: SGSN IMSI Manager facility
  • imsue: IMS User Equipment (IMSUE) facility
  • ip-arp: IP Address Resolution Protocol facility
  • ip-interface: IP interface facility
  • ip-route: IP route facility
  • ipms: Intelligent Packet Monitoring System (IPMS) logging facility
  • ipsec: IP Security logging facility
  • ipsg: IP Service Gateway interface logging facility
  • ipsgmgr: IP Services Gateway facility
  • ipsp: IP Pool Sharing Protocol logging facility
  • kvstore: Key/Value Store (KVSTORE) Store facility
  • l2tp-control: Layer 2 Tunneling Protocol (L2TP) control logging facility
  • l2tp-data: L2TP data logging facility
  • l2tpdemux: L2TP Demux Manager logging facility
  • l2tpmgr: L2TP Manager logging facility
  • lagmgr: Link Aggregation Group (LAG) manager logging facility
  • li: Refer to the Lawful Intercept Interface Reference for a description of this command.
  • linkmgr: SGSN/BSS SS7 Link Manager logging facility (2.5G only)
  • llc: Logical Link Control (LLC) Protocol logging facility; for SGSN: logs the LLC layer between the GMM and the BSSGP layers for logical links between the MS and the SGSN
  • local-policy: Local Policy Service facility
  • location-service: Location Services facility
  • m3ua: M3UA Protocol logging facility
  • magmgr: Mobile Access Gateway manager logging facility
  • map: Mobile Application Part (MAP) protocol logging facility
  • megadiammgr: MegaDiameter Manager (SLF Service) logging facility
  • mme-app: Mobility Management Entity (MME) Application logging facility
  • mme-misc: MME miscellaneous logging facility
  • mmedemux: MME Demux Manager logging facility
  • mmemgr: MME Manager facility
  • mmgr: Master Manager logging facility
  • mobile-ip: Mobile IP processes
  • mobile-ip-data: Mobile IP data facility
  • mobile-ipv6: Mobile IPv6 logging facility
  • mpls: Multiprotocol Label Switching (MPLS) protocol logging facility
  • mtp2: Message Transfer Part 2 (MTP2) Service logging facility
  • mtp3: Message Transfer Part 3 (MTP3) Protocol logging facility
  • multicast-proxy: Multicast Proxy logging facility
  • npuctrl: Network Processor Unit Control facility
  • npumgr: Network Processor Unit Manager facility
  • npumgr-acl: NPUMGR ACL logging facility
  • npumgr-flow: NPUMGR FLOW logging facility
  • npumgr-fwd: NPUMGR FWD logging facility
  • npumgr-init: NPUMGR INIT logging facility
  • npumgr-port: NPUMGR PORT logging facility
  • npumgr-recovery: NPUMGR RECOVERY logging facility
  • ntfy-intf: Notification Interface logging facility [Release 12.0 and earlier versions only]
  • ogw-app: Offload Gateway (OGW) application logging facility [Release 12.0 and earlier versions only]
  • ogw-gtpc: OGW GTP-C application logging facility [Release 12.0 and earlier versions only]
  • ogw-gtpu: OGW GTP-U application logging facility [Release 12.0 and earlier versions only]
  • ogwmgr: OGW Demux Manager logging facility [Release 12.0 and earlier versions only]
  • orbs: Object Request Broker System logging facility
  • ospf: OSPF protocol logging facility
  • ospfv3: OSPFv3 protocol logging facility
  • p2p: Peer-to-Peer Detection logging facility
  • pdg: Packet Data Gateway (PDG) logging facility
  • pdgdmgr: PDG Demux Manager logging facility
  • pdif: Packet Data Interworking Function (PDIF) logging facility
  • pgw: Packet Data Network Gateway (PGW) logging facility
  • phs: Payload Header Suppression (PHS)
  • phs-control: PHS X1/X5 and X2/X6 Interface logging facility
  • phs-data: PHS Data logging facility
  • phs-eapol: PHS EAP over LAN (EAPOL) logging facility
  • phsgwmgr: PHS Gateway Manager facility
  • phspcmgr: PHS Paging Controller Manager facility
  • pmm-app: Packet Mobility Management (PMM) application logging facility
  • ppp: Point-To-Point Protocol (PPP) link and packet facilities
  • pppoe: PPP over Ethernet logging facility
  • push: VPNMGR CDR push logging facility
  • radius-acct: RADIUS accounting logging facility
  • radius-auth: RADIUS authentication logging facility
  • radius-coa: RADIUS change of authorization and radius disconnect
  • ranap: Radio Access Network Application Part (RANAP) Protocol facility logging info flow between SGSN and RNS (3G)
  • rct: Recovery Control Task logging facility
  • rdt: Redirect Task logging facility
  • resmgr: Resource Manager logging facility
  • rf-diameter: Diameter Rf interface messages facility
  • rip: Routing Information Protocol (RIP) logging facility [RIP is not supported at this time.]
  • rohc: Robust Header Compression (RoHC) facility
  • rsvp: Reservation Protocol logging facility
  • rua: RANAP User Adaptation (RUA) [3G Femto GW - RUA messages] logging facility
  • s1ap: S1 Application Protocol (S1AP) Protocol logging facility
  • sccp: Signalling Connection Control Part (SCCP) Protocol logging (connection-oriented messages between RANAP and TCAP layers).
  • sct: Shared Configuration Task logging facility
  • sctp: Stream Control Transmission Protocol (SCTP) Protocol logging facility
  • sessctrl: Session Controller logging facility
  • sessmgr: Session Manager logging facility
  • sesstrc: session trace logging facility
  • sft: Switch Fabric Task logging facility
  • sgs: SGs interface protocol logging facility
  • sgsn-app: SGSN-APP logging various SGSN “glue” interfaces (for example, between PMM, MAP, GPRS-FSM, SMS).
  • sgsn-failures: SGSN call failures (attach/activate rejects) logging facility (2.5G)
  • sgsn-gtpc: SGSN GTP-C Protocol logging control messages between the SGSN and the GGSN
  • sgsn-gtpu: SGSN GTP-U Protocol logging user data messages between the SGSN and GGSN
  • sgsn-mbms-bearer: SGSN Multimedia Broadcast/Multicast Service (MBMS) Bearer app (SMGR) logging facility
  • sgsn-misc: Used by stack manager to log binding and removing between layers
  • sgsn-system: SGSN System Components logging facility (used infrequently)
  • sgsn-test: SGSN Tests logging facility; used infrequently
  • sgtpcmgr: SGSN GTP-C Manager logging information exchange through SGTPC and the GGSN
  • sgw: Serving Gateway facility
  • sh-diameter: Sh Diameter messages facility
  • sitmain: System Initialization Task main logging facility
  • sm-app: SM Protocol logging facility
  • sms: Short Message Service (SMS) logging messages between the MS and the SMSC
  • sndcp: Sub Network Dependent Convergence Protocol (SNDCP) logging facility
  • snmp: SNMP logging facility
  • srdb: Static Rating Database
  • srp: Service Redundancy Protocol (SRP) logging facility
  • sscfnni: SSCFNNI Protocol logging facility
  • sscop: SSCOP Protocol logging facility
  • ssh-ipsec: SSH IP Security logging facility
  • ssl: Secure Socket Layer (SSL) message logging facility
  • stat: Statistics logging facility
  • system: System logging facility
  • tacacsplus: TACACS+ Protocol logging facility
  • tcap: TCAP Protocol logging facility
  • testctrl: Test Controller logging facility
  • testmgr: Test Manager logging facility
  • threshold: threshold logging facility
  • ttg: Tunnel Termination Gateway (TTG) logging facility
  • tucl: TCP/UDP Convergence Layer (TUCL) logging facility
  • udr: User Data Record (UDR) facility (used with the Charging Service)
  • user-data: User data logging facility
  • user-l3tunnel: User Layer 3 tunnel logging facility
  • usertcp-stack: User TCP Stack
  • vpn: Virtual Private Network logging facility
  • wimax-data: WiMAX DATA
  • wimax-r6: WiMAX R6

event_level

Specifies the severity level of the event notification to filter and can be configured to one of the following:

  • critical: display critical events
  • error: display error events and all events with a higher severity level
  • warning: display warning events and all events with a higher severity level
  • unusual: display unusual events and all events with a higher severity level
  • info: display info events and all events with a higher severity level
  • trace: display trace events and all events with a higher severity level
  • debug: display all events

Usage:

This command is used to enable or disable the ORB Notification Service. Additionally, it can be used to configure filters dictating which events are sent. This service is disabled by default.

Filters can be configured for a specific event identification number (event ID), a range of event IDs, or specific severity levels for events for particular facilities.

When no filters are configured and the service is enabled, the ORB Notification Service sends all “error” level and higher events, and “info” level events for the orbs facility, CLI command logs, and license change logs.

Multiple instances of this command can be executed to configure multiple filters.


Example:
The following command enables the ORB Notification service:
event-notif-service
The following command disables the ORB Notification service:
no event-notif-service
The following command configures a filter for the ORB Notification Service allowing only event IDs 800 through 805 to be sent:
event-notif-service filter event-id 800 to 805
The following command configures a filter for the ORB Notification Service allowing only critical level notifications for all facilities:
event-notif-service filter facility all level critical

event-notif-siop-port

Configures the port to use for secure socket layer (SSL) inter-ORB event communication.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
event-notif-siop-port number
number

Default: 7777

Specifies the port number to use as an integer from 1 through 65535.


Usage:

Explicitly set the port number when the default port number is not the desired port value for integrating multiple products together for inter-ORB communications using SSL.


Example:
event-notif-siop-port 25466

exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

iiop-port

Configures the port number for Internet Inter-ORB Protocol (IIOP) communications.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] iiop-port number
no

Disables the IIOP port.

number

Default: 14132

Specifies the port number to use as an integer from 1 through 65535.


Usage:

Explicitly set the port number when the default port number is not the desired port value for integrating multiple products together for standardized inter-ORB communications.

The Internet inter-ORB port is used only if IIOP transport is enabled via the iiop-transport command.


Example:
iiop-port 25466

iiop-transport

Enables/disables use of the Internet Inter-ORB Protocol (IIOP) for management across the network.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
iiop-transport
no iiop-transport

no

Disables internet inter-ORB protocol communication across the network.


Usage:

Enables the transport of IIOP messages to support remote management across the network.

The default is IIOP transport disabled.


Example:
The following commands enable and disable the ORB-based management across the network, respectively.
iiop-transport
no iiop-transport

iop-address

Sets the IP address used by the ORBEM Server to advertise service.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
iop-address ip_address
ip_address

Specifies the IP address to use for inter-ORB communications for the current context. ip_address must be specified using IPv4 dotted-decimal notation.


Usage:

Change the inter-ORB IP address when the IP address of the current context should not be used. The IP address of the local context may not be appropriate when the ORB configuration across nodes would cause conflicts with the IP addresses.

The default inter-ORB IP address is the IP address of the current context.


Example:
iop-address 10.2.3.4

max-attempt

Configures the maximum number of failed login attempts after which the client is deactivated.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
max-attempt count
count

Default: 3 attempts

Specifies the number of failed login attempts prior to deactivating a client. The value must be an integer from 1 through 10.


Usage:

Adjust the maximum number of attempts to a smaller value to increase the security level of the system.


Example:
max-attempt 3

session-timeout

Configures the amount of idle time (no activity) before a client session is terminated.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
session-timeout seconds
seconds

Default: 300 seconds

Specifies the number of seconds of idle time before a client session is terminated. The value must be an integer from 1 through 86400.


Usage:

Reduce the session timeout when the maximum number of sessions allowed is frequently being reached. Setting this to a lower value will help release idle sessions faster to allow use by other clients.


Example:
session-timeout 1800

siop-port

Configures the SSL I/O port for inter-ORB events.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
siop-port number
number

Default: 14131

Specifies the port number to use as an integer from 1 through 65535.


Usage:

Explicitly set the port number when the default port number is not the desired port value for integrating multiple products together for inter-ORB communications.


Example:
siop-port 25466

ssl-auth-policy

Configures the SSL peer authentication policy used by the ORBEM server.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
ssl-auth-policy { auth-none | auth-once | auth-once-fail | auth-peer | auth-peer-fail }
auth-none | auth-once | auth-once-fail | auth-peer | auth-peer-fail

Default: auth-none

auth-none: ORBEM server does not authenticate the peer

auth-once: ORBEM server authenticates the peer once (no fail)

auth-once-fail: ORBEM server authenticates the peer once (fail if no certificate)

auth-peer: ORBEM server authenticates the peer every time (no fail)

auth-peer-fail: ORBEM server authenticates the peer every time (fail if no certificate)


Usage:

Use to configure the peer authentication policy used by the SSL transport of ORBEM.


Example:
The following command sets the policy to authenticate the peer once without failure.
ssl-auth-policy auth-once
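
Added example (not part of the vendor reference): a small Python audit that reads ORBEM Configuration Mode command lines in the syntax documented on this page and reports the settings that weaken the interface: a peer authentication policy of auth-none or a "no fail" variant, IIOP transport enabled, a lenient max-attempt or session-timeout, and a client password entered without the encrypted keyword. The thresholds, function names and both sample configurations are assumptions constructed for the example.

```python
"""Audit ORBEM Configuration Mode command lines (added example, not vendor code)."""

# System defaults as documented on this page; applied when a command is absent.
DEFAULTS = {"ssl-auth-policy": "auth-none", "max-attempt": 3,
            "session-timeout": 300, "iiop-transport": False}

# Assumed policy thresholds for this example (not vendor guidance).
MAX_ATTEMPT_LIMIT = 3
SESSION_TIMEOUT_LIMIT = 300


def parse_orbem(lines):
    """Return (settings, clients); clients maps name -> encrypted keyword seen."""
    settings, clients = dict(DEFAULTS), {}
    for raw in lines:
        tok = raw.split()
        negated = bool(tok) and tok[0] == "no"
        if negated:
            tok = tok[1:]
        if not tok:
            continue
        cmd, args = tok[0], tok[1:]
        numeric = len(args) == 1 and args[0].isdigit()
        if cmd == "iiop-transport":
            settings[cmd] = not negated
        elif cmd == "ssl-auth-policy" and len(args) == 1:
            settings[cmd] = args[0]
        elif cmd in ("max-attempt", "session-timeout") and numeric:
            settings[cmd] = int(args[0])
        elif cmd == "default" and args and args[0] in ("max-attempt", "session-timeout"):
            settings[args[0]] = DEFAULTS[args[0]]
        elif cmd == "client" and len(args) >= 2 and args[0] == "id":
            name, rest = args[1], args[2:]
            if negated:
                clients.pop(name, None)  # "no client id name" removes the client
            elif "password" in rest:
                clients[name] = "encrypted" in rest[:rest.index("password")]
    return settings, clients


def audit(lines):
    """Return a list of human-readable findings for the given command lines."""
    settings, clients = parse_orbem(lines)
    findings = []
    policy = settings["ssl-auth-policy"]
    if policy == "auth-none":
        findings.append("ssl-auth-policy auth-none: server does not authenticate the peer")
    elif not policy.endswith("-fail"):
        findings.append(f"ssl-auth-policy {policy}: 'no fail' variant, "
                        "a peer without a certificate is not failed")
    if settings["iiop-transport"]:
        findings.append("iiop-transport enabled: IIOP management transport is on "
                        "(documented default is disabled)")
    if settings["max-attempt"] > MAX_ATTEMPT_LIMIT:
        findings.append(f"max-attempt {settings['max-attempt']} exceeds {MAX_ATTEMPT_LIMIT}")
    if settings["session-timeout"] > SESSION_TIMEOUT_LIMIT:
        findings.append(f"session-timeout {settings['session-timeout']} exceeds "
                        f"{SESSION_TIMEOUT_LIMIT} seconds")
    for name, encrypted in sorted(clients.items()):
        if not encrypted:
            findings.append(f"client {name}: password given without the encrypted keyword")
    return findings


# Constructed sample input, reusing the example values shown on this page.
SAMPLE_WEAK = """\
client id wem password wem1001
iiop-transport
max-attempt 10
session-timeout 1800
ssl-auth-policy auth-once
""".splitlines()

SAMPLE_STRICT = """\
client id wem encrypted password f54gj801sd
no iiop-transport
max-attempt 3
session-timeout 300
ssl-auth-policy auth-peer-fail
""".splitlines()

if __name__ == "__main__":
    for label, cfg in (("weak", SAMPLE_WEAK), ("strict", SAMPLE_STRICT)):
        print(label, audit(cfg) or "no findings")
```

An empty input is audited against the documented defaults, so it still reports auth-none.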
ssl-certificate

Defines the certificate to be used by the SSL transport of ORBEM.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
ssl-certificate { string certificate | file url }
string certificate

Specifies an ORBEM SSL certificate. certificate is an alphanumeric string of up to 4096 characters.

file url

Default: /usr/ssl/certs/orbscert.pem

Specifies an ORBEM SSL certificate file and location. url is an alphanumeric string of up to 1024 characters.


Usage:

Use to configure the certificate to be used by the SSL transport of ORBEM. Note that if the file option is used, the certificate content is read from the url and converted into a quoted string.


Example:
The following command defines the certificate cert3.pem file as being located in the /usr/ssl/certs directory:
ssl-certificate file /usr/ssl/certs/cert3.pem
The following command defines the certificate string (the string shown is abbreviated):
ssl-certificate string

ssl-private-key

Configures the SSL private key used by the ORBEM server.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
ssl-private-key { string key | file url }
string key

Specifies an ORBEM SSL private key. key is an alphanumeric string of up to 4096 characters.

file url

Default: /usr/ssl/certs/orbscert.pem

Specifies the ORBEM SSL private key file location. url is an alphanumeric string of up to 1024 characters.


Usage:

Use to configure the private key for the SSL transport of ORBEM. Note that if the file option is used, the private key is read from the url and converted into a quoted string.


Example:
The following command defines the private-key cert3.pem file as being located in the /usr/ssl/certs directory:
ssl-private-key file /usr/ssl/certs/cert3.pem
The following command defines the private-key string (the string shown is abbreviated):
ssl-private-key string