Certificate CLI Commands

Use the certificate commands to create a certificate signing request (CSR), and to install server, CA, or trusted path certificates on the Guardium appliance.

csr (certificate signing request)

Generates a CSR for the Guardium appliance. Do not perform this action until after the appliance network configuration parameters have been set. Within the generated CSR, the common name (CN) will be created automatically from the host and domain names assigned.

Syntax

csr

Parameters

There are no parameters, but you will be prompted to supply the organizational unit (OU), country code (C), and so forth. Be sure to enter this information correctly. The last prompt is as follows:

What encryption algorithm should be used (1=DSA or 2=RSA)?

DSA is the only algorithm that Guardium supported prior to version 7.0. You can find very detailed information on these algorithms by searching the web.

After you respond to the last prompt, the system displays a description of the request, followed by the request itself, and followed finally by additional instructions. For example:

This is the generated CSR:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=MA, L=Waltham, O=XYZCorp, OU=Accounting, CN=g2.xyz.com
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

Please copy and paste this output to a file, starting at the BEGIN and END
lines, and use that file to work with your Certificate Authority in
obtaining a certificate. I will be expecting the incoming certificate to be in
PKCS#7 PEM format. Your CA will help you in receiving that format.
Once you have it, please use the "store certificate" command to
complete this operation.

Before continuing, check the Subject line to verify that you have entered your company information correctly. From this point forward, use whatever procedure you would normally use to obtain a server certificate from your CA. When you have obtained the server certificate, use the store certificate command to store the certificate on the appliance.
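The Subject check and the copy-to-file step described above can be scripted on the workstation where the console output was captured. The following is an added example, not part of the Guardium CLI or its documentation; the function names and the sample capture (including its placeholder base64 body) are constructed for illustration.

```python
import base64
import re

# Constructed console capture in the layout shown above; the base64 body is a
# short placeholder, not a real CSR.
SAMPLE_OUTPUT = """This is the generated CSR:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=MA, L=Waltham, O=XYZCorp, OU=Accounting, CN=g2.xyz.com
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBAAAA
-----END NEW CERTIFICATE REQUEST-----
Please copy and paste this output to a file, starting at the BEGIN and END
"""

PEM_RE = re.compile(
    r"^-----BEGIN (?P<label>[A-Z0-9 ]+)-----[ \t]*\n(?P<body>.*?)\n"
    r"-----END (?P=label)-----[ \t]*$", re.S | re.M)


def parse_subject(output):
    """Return the Subject line as a dict, e.g. {'C': 'US', 'CN': 'g2.xyz.com'}."""
    m = re.search(r"^\s*Subject:\s*(.+)$", output, re.M)
    if not m:
        raise ValueError("no Subject line in csr output")
    # Assumes field values contain no commas, as in the sample above.
    return dict(part.strip().split("=", 1) for part in m.group(1).split(","))


def check_subject(subject, expected):
    """Return {field: (found, expected)} for every field that does not match."""
    return {k: (subject.get(k), v) for k, v in expected.items() if subject.get(k) != v}


def extract_pem(output):
    """Return the request from the BEGIN line to the END line, ready to save."""
    m = PEM_RE.search(output)
    if not m:
        raise ValueError("BEGIN/END lines missing or mismatched")
    body = "".join(m.group("body").split())      # drop blank lines and stray spaces
    der = base64.b64decode(body, validate=True)  # raises on a truncated paste
    if not der or der[0] != 0x30:                # a DER request starts with SEQUENCE
        raise ValueError("request body is not DER")
    label = m.group("label")
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"]) + "\n"
```

An empty result from check_subject means every expected field matched; any mismatch is a reason to rerun csr before sending the request to the CA.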

store certificate console

Stores a server certificate on the Guardium appliance. Before executing the command, obtain a server certificate (in PEM format) from your CA and copy the certificate, including the Begin and End lines, to your clipboard.

Enter the command exactly as shown. You will receive the following information and prompt:

Please paste your new server certificate, in PEM format.
Include the BEGIN and END lines, then press CTRL-D.

If you have not done so already, copy the server certificate to your clipboard. Paste the PEM-format certificate to the command line, then press CTRL-D. You will be informed of the success or failure of the store operation.

When you are done, use the restart gui command to restart the Guardium GUI.

Syntax

store certificate console

store trusted certificate

Stores a CA or intermediate trusted path certificate on the Guardium appliance. See Certificate Commands for a description of how to use all of the certificate commands.

When storing a CA and one or more intermediate certificates, you must store them in hierarchical order, beginning with the CA certificate. Before executing the command, obtain the appropriate certificate (in PEM format) from your CA, and copy the certificate, including the Begin and End lines, to your clipboard.

Enter the command exactly as shown. The following prompt will be displayed:

What is a one-word alias we can use to uniquely identify this certificate?

Enter a one-word name for the certificate and press Enter. The following instructions will be displayed:

Please paste your CA certificate, in PEM format.
Include the BEGIN and END lines, then press CTRL-D.

If you have not done so already, copy the certificate to your clipboard. Paste the PEM-format certificate to the command line, then press CTRL-D. You will be informed of the success or failure of the store operation.

When you are done storing all certificates on the trusted path, use the restart gui command to restart the Guardium GUI.

Syntax

store trusted certificate