This chapter describes how to use the available show commands to display SSL-related information, such as the certificate and key pair files loaded on the ACE. The show commands display information associated with the context from which you execute the command. Each command described in this chapter also includes an explanation of the command output.
While the show commands are Exec mode commands, you can execute a show command from any configuration mode by using the do command. The following examples show how to execute the show running-config command from either Exec mode or configuration mode.
From Exec mode, enter:
host1/Admin# show running-config
From configuration mode, enter:
host1/Admin(config)# do show running-config
This chapter contains the following major sections:
•Displaying CSR Parameter Set Configurations
•Displaying the List of Certificate and Key Pair Files
•Displaying Certificate Information
•Displaying RSA Key Pair Information
•Displaying Certificate Chain Group Information
•Displaying Client Authentication Group Information
•Displaying Cached TLS and SSL Session Entries
•Displaying TLS and SSL Statistics
To display the CSR parameter set summary and detailed reports, use the show crypto csr-params command in Exec mode.
The syntax of this command is as follows:
show crypto csr-params {params_set | all}
The arguments and keywords are:
•params_set—Name of a specific CSR parameter set. Enter an unquoted alphanumeric string with a maximum of 64 characters. The ACE displays the detailed report for the specified CSR parameter set. The detailed report contains the distinguished name attributes of the CSR parameter set.
•To display the summary report that lists all the CSR parameter sets for the current context, enter the command without specifying a CSR parameter set.
For example, to display the CSR parameter set summary report, enter:
host1/Admin# show crypto csr-params all
The following example shows how to display the detailed report for the MYCSRCONFIG CSR parameter set:
host1/Admin# show crypto csr-params MYCSRCONFIG
Table 6-1 describes the fields in the show crypto csr-params command output.
To display a list of all available certificate and key pair files, use the show crypto files command in Exec mode.
For example, to display the list of certificate and key pair files, enter:
host1/Admin# show crypto files
Table 6-2 describes the fields in the show crypto files command output.
| Field | Description |
|---|---|
| Filename | Name of the file that contains the certificate or key pair. |
| Size | Size of the file. |
| Type | Format of the file: PEM, DER, or PKCS12. |
| Exportable | Indicates whether you can export the file from the ACE using the crypto export command. |
| Key/Cert | Indicates whether the file contains a certificate (CERT), a key pair (KEY), or both (BOTH). |
To display the certificate summary and detailed reports, use the show crypto certificate command in Exec mode.
The syntax of this command is as follows:
show crypto certificate {filename | all}
The keywords and arguments are as follows:
•filename—Name of a specific certificate file. Enter an unquoted alphanumeric string with a maximum of 40 characters. The ACE displays the certificate detailed report for the specified file. If the certificate file contains a chain, the ACE displays only the bottom level certificate (the signers are not displayed).
•all—Displays the certificate summary report that lists all the certificate files for the current context.
For example, to display the certificate summary report, enter:
host1/Admin# show crypto certificate all
Table 6-3 describes the fields in the show crypto certificate all command output.
The following example shows how to display the detailed report for the MYCERT.PEM certificate file:
host1/Admin# show crypto certificate MYCERT.PEM
Table 6-4 describes the fields in the show crypto certificate filename command output.
To display a list of certificate revocation lists (CRLs) or definitions for a specified CRL in a context, use the show crypto crl command in Exec mode. The syntax of this command is as follows:
show crypto crl {crl_name | all}
The keywords and arguments are as follows:
•crl_name—Name of a specific CRL configured in the context. Enter an unquoted alphanumeric string. The ACE displays the definitions for the specified CRL.
•all—Displays a list of all CRLs configured in the context.
For example, to display a list of all CRLs, enter:
host1/Admin# show crypto crl all
To display the definitions for a specific CRL, for example CRL1, enter:
host1/Admin# show crypto crl CRL1
Table 6-5 describes the fields in the show crypto crl crl_name command output.
Note: To view whether the ACE rejects client certificates when the CRL in use is expired, use the show parameter-map command.
To display the key pair file summary and detailed reports, use the show crypto key command in Exec mode.
The syntax of this command is as follows:
show crypto key {filename | all}
The keywords and arguments are as follows:
•filename—Name of a specific key pair file. Enter an unquoted alphanumeric string with a maximum of 40 characters. The ACE displays the key pair detailed report for the specified file.
•all—Displays the key pair summary report that lists all of the available key pair files.
For example, to display the key pair summary report, enter:
host1/Admin# show crypto key all
Table 6-6 describes the fields in the show crypto key command output.
The following example shows how to display the detailed report for the public and private keys contained in the MYKEYS.PEM key pair file:
host1/Admin# show crypto key MYKEYS.PEM
1024-bit RSA keypair
Table 6-7 describes the fields in the show crypto key filename command output.
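An offline audit over captured command output, added here as an example and not part of the Cisco documentation: it reads a show crypto files listing (fields from Table 6-2) together with the first line of each show crypto key filename report, and flags key files that are exportable or whose RSA key is below a policy floor. The row layout, the Yes/No Exportable values, the sample data, and the 2048-bit floor are assumptions.

```python
import re
# Constructed sample, not real device output. Assumed layout: one file per line,
# whitespace-separated, in Table 6-2 field order (Yes/No for Exportable is assumed):
# Filename  Size  Type  Exportable  Key/Cert
SAMPLE_FILES = """\
MYCERT.PEM   1082  PEM     Yes  CERT
MYKEYS.PEM    887  PEM     Yes  KEY
LEGACY.P12   2501  PKCS12  No   BOTH
"""
# Constructed: key file -> first line of its "show crypto key <file>" report.
SAMPLE_KEY_REPORTS = {"MYKEYS.PEM": "1024-bit RSA keypair",
                      "LEGACY.P12": "2048-bit RSA keypair"}
MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the page
VALID_TYPES, VALID_KINDS = {"PEM", "DER", "PKCS12"}, {"CERT", "KEY", "BOTH"}

def parse_files(text):
    """Parse listing rows; raise on anything that does not fit Table 6-2."""
    rows = []
    for line in filter(str.strip, text.splitlines()):
        parts = line.split()
        if len(parts) != 5 or parts[2] not in VALID_TYPES or parts[4] not in VALID_KINDS:
            raise ValueError(f"unexpected row: {line!r}")
        name, size, ftype, exportable, kind = parts
        rows.append({"name": name, "size": int(size), "type": ftype,
                     "exportable": exportable.lower() == "yes", "kind": kind})
    return rows

def key_bits(report_line):
    """Return the key size from an 'N-bit RSA keypair' line, else None."""
    m = re.match(r"\s*(\d+)-bit RSA keypair", report_line)
    return int(m.group(1)) if m else None

def audit(files_text, key_reports):
    """Flag files holding a private key that is exportable or too short."""
    findings = []
    for row in parse_files(files_text):
        if row["kind"] == "CERT":
            continue  # certificate only, no private key in this file
        if row["exportable"]:
            findings.append((row["name"], "key file is exportable"))
        bits = key_bits(key_reports.get(row["name"], ""))
        if bits is None:
            findings.append((row["name"], "key size unknown"))
        elif bits < MIN_RSA_BITS:
            findings.append((row["name"], f"{bits}-bit RSA key below {MIN_RSA_BITS}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_FILES, SAMPLE_KEY_REPORTS), sep="\n")
```

A key file with no captured report is reported as "key size unknown" rather than silently passed, so gaps in the collected output show up in the findings.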
To display the chain group file summary and detailed reports, use the show crypto chaingroup command in Exec mode.
The syntax of this command is as follows:
show crypto chaingroup {filename | all}
The keywords and arguments are as follows:
•filename—Name of a specific chain group file. Enter an unquoted alphanumeric string with a maximum of 64 characters. The ACE displays the chain group detailed report for the specified file. The detailed report contains a list of the certificates configured for the chain group.
•all—Displays the chain group summary report that lists each of the available chain group files. The summary report also lists the certificates configured for each chain group.
For example, to display the chain group summary report, enter:
host1/Admin# show crypto chaingroup all
The following example shows how to display the detailed report of the certificates configured for the MYCERTGROUP chain group:
host1/Admin# show crypto chaingroup MYCERTGROUP
Table 6-8 describes the fields in the show crypto chaingroup command output.
To display a list of certificates for each authentication group or the certificates in a specified client authentication group including the Subject and Issuer information for each certificate, use the show crypto authgroup command in Exec mode.
The syntax of this command is as follows:
show crypto authgroup {group_name | all}
The keywords and arguments are as follows:
•group_name—Name of a specific authentication group file. Enter an unquoted alphanumeric string with a maximum of 64 characters.
•all—Displays the list of certificates for each authentication group.
For example, to display the list of certificates for each authentication group, enter:
host1/Admin# show crypto authgroup all
To display each certificate for the AUTH-CERT1 group including the Subject and Issuer information for each certificate, enter:
host1/Admin# show crypto authgroup AUTH-CERT1
Table 6-9 describes the fields in the show crypto authgroup group_name command output.
To display the number of cached TLS and SSL client and server session entries in the current context, use the show crypto session command in Exec mode.
The syntax of this command is as follows:
show crypto session
For example, enter:
host1/Admin# show crypto session
To display TLS and SSL client or server statistics for the current context, use the show stats crypto command in Exec mode.
The syntax of this command is as follows:
show stats crypto {client | server}
The keywords are as follows:
•client—Displays the TLS and SSL client statistics.
•server—Displays TLS and SSL server statistics.
For example, to display the client statistics, enter:
host1/Admin# show stats crypto client
To display the server statistics, enter:
host1/Admin# show stats crypto server
Table 6-10 describes the fields in the show stats crypto command output.