Set pki certificate – Allied Telesis AT-S63 User Manual

Page 783

background image

AT-S63 Management Software Command Line User’s Guide

Section IX: Management Security

783

SET PKI CERTIFICATE

Syntax

set pki certificate="

name

"

[trusted=yes|no|on|off|true|false] [type=ca|ee|self]

Parameters

certificate

Specifies the certificate name whose trust or type you want to
change. The name is case sensitive. If the name contains
spaces, it must be enclosed in quotes.

trusted

Specifies whether or not the certificate is from a trusted CA.
The options are:

yes, on, true

Specifies that the certificate is from a trusted
CA. This is the default. The options are
equivalent.

no, off, false

Specifies that the certificate is not from a
trusted CA. The options are equivalent.

type

Specifies a type for the certificate. The options are:

ca

Tags the certificate as a CA certificate.

ee

Tags the certificate as belonging to another end entity

(EE). This is the default.

self

Tags the certificate as its own.

Description

This command changes the level of trust and type for a certificate in the
switch’s certificate database. To list the certificates in the database, refer
to “SHOW PKI CERTIFICATE” on page 788.

The TRUSTED parameter specifies whether the certificate is from a
trusted CA. The default is TRUE. Only self-signed root CA certificates are
typically set to be automatically trusted, and only after the user has
checked the certificate’s fingerprint and other details using “SHOW PKI
CERTIFICATE” on page 788.

The TYPE parameter specifies the certificate type. If CA is specified, the
switch tags this certificate as a CA certificate. If ENDENTITY or EE is
specified, the switch tags the certificate to indicate that it belongs to an end
entity. If SELF is specified, the switch tags the certificate as its own. The
default is ENDENTITY.