ZyXEL Communications 3.1 User Manual

 Chapter 32 Certificates
ZyWALL (ZLD) CLI Reference Guide
261
Table 156   ca Commands Summary (continued)

COMMAND
    DESCRIPTION

ca validation remote_certificate
    Enters the sub-command mode for validation of certificates signed by the specified remote (trusted) certificate.

cdp {activate|deactivate}
    Turns certificate revocation checking on or off. When it is turned on, the ZyWALL validates a certificate by getting a Certificate Revocation List (CRL) through HTTP or LDAP (configured after activating the LDAP checking option) and by querying an online responder (configured after activating the OCSP checking option). You also need to configure the OCSP or LDAP server details.

ldap {activate|deactivate}
    Has the ZyWALL check (or not check) incoming certificates that are signed by this certificate against a Certificate Revocation List (CRL) on an LDAP (Lightweight Directory Access Protocol) directory server.

ldap ip {ip|fqdn} port <1..65535> [id name password password] [deactivate]
    Sets the validation configuration for the specified remote (trusted) certificate where the directory server uses LDAP.
    ip: Type the IP address (in dotted decimal notation) or the domain name of the directory server. The domain name can use alphanumeric characters, periods and hyphens. Up to 255 characters.
    port: Specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP.
    name: The ZyWALL may need to authenticate itself in order to access the CRL directory server. Type the login name (up to 31 characters) from the entity maintaining the server (usually a certification authority). You can use alphanumeric characters, the underscore and the dash.
    password: Type the password (up to 31 characters) from the entity maintaining the CRL directory server (usually a certification authority). You can use the following characters: a-zA-Z0-9;|`~!@#$%^&*()_+\{}':,./<>=-

ocsp {activate|deactivate}
    Has the ZyWALL check (or not check) incoming certificates that are signed by this certificate against a directory server that uses OCSP (Online Certificate Status Protocol).

ocsp url url [id name password password] [deactivate]
    Sets the validation configuration for the specified remote (trusted) certificate where the directory server uses OCSP.
    url: Type the protocol, IP address and pathname of the OCSP server.
    name: The ZyWALL may need to authenticate itself in order to access the OCSP server. Type the login name (up to 31 characters) from the entity maintaining the server (usually a certification authority). You can use alphanumeric characters, the underscore and the dash.
    password: Type the password (up to 31 characters) from the entity maintaining the OCSP server (usually a certification authority). You can use the following characters: a-zA-Z0-9;|`~!@#$%^&*()_+\{}':,./<>=-

no ca category {local|remote} certificate_name
    Deletes the specified local (my certificates) or remote (trusted certificates) certificate.

no ca validation name
    Removes the validation configuration for the specified remote (trusted) certificate.
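The following session is an added illustration, not part of the ZyXEL guide, showing how the commands above fit together to turn on revocation checking for one trusted CA certificate. It assumes ZLD's usual `configure terminal` / `exit` commands and the prompt strings shown; the certificate name `example-ca`, the LDAP host, the OCSP URL and the credentials are placeholders. Note that the guide's `cdp activate` is the master switch: until it is on, the LDAP and OCSP settings are stored but no revocation lookup is performed, so a certificate the CA has since revoked would still be accepted.

```text
Router> configure terminal
Router(config)# ca validation example-ca
Router(ca-validation)# cdp activate
Router(ca-validation)# ldap activate
Router(ca-validation)# ldap ip ldap.example.com port 389 id crl-reader password CrlR3ad3r_pw
Router(ca-validation)# ocsp activate
Router(ca-validation)# ocsp url http://ocsp.example.com/ocsp
Router(ca-validation)# exit
Router(config)# exit

# To drop the whole validation profile for that CA again (placeholder name):
Router(config)# no ca validation example-ca
```

When reviewing a ZyWALL configuration, check each trusted remote certificate that is used for VPN or administrative authentication for a `ca validation` block with `cdp activate` plus at least one of `ldap activate`/`ocsp activate` and the matching server line; a block with only `cdp deactivate` (the state after `deactivate` is used) means revoked peer certificates are not detected.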