Cisco Acano X-series 開発者ガイド
Cisco Meeting Server Release 2.0 : MMP Command Line Reference
20
Command/Examples
Description/Notes
pki csr <key/cert basename>
[<attribute>:<value>]
[<attribute>:<value>]
pki csr example
CN:www.example.com OU:"My Desk"
O:"My Office" L:"Round the
corner" ST:California C:US
For users happy to trust that Cisco meets requirements for
generation of private key material, private keys and associated
Certificate Signing Requests can be generated.
generation of private key material, private keys and associated
Certificate Signing Requests can be generated.
<key/cert basename> is a string identifying the new key and CSR
(e.g. "new" results in "new.key" and "new.csr" files)
(e.g. "new" results in "new.key" and "new.csr" files)
Attributes for the CSR can be specified in pairs with the attribute
name and value separated by a colon (":"). Attributes are:
name and value separated by a colon (":"). Attributes are:
CN: commonName which should be on the certificate. The
commonName should be the DNS name for the system. OU:
Organizational Unit
O: Organization
L: Locality
ST:State
C: Country
emailAddress: email address
commonName should be the DNS name for the system. OU:
Organizational Unit
O: Organization
L: Locality
ST:State
C: Country
emailAddress: email address
The CSR file can be downloaded by SFTP and given to a certificate
authority (CA) to be signed. On return it must be uploaded via SFTP.
It can then be used as a certificate.
authority (CA) to be signed. On return it must be uploaded via SFTP.
It can then be used as a certificate.
Note: Since 1.6.11 pki csr <key/cert basename>
[<attribute>:<value>]
now takes subjectAltName as an
attribute. IP addresses and domain names are supported for
subjectAltName in a comma separated list. For example:
subjectAltName in a comma separated list. For example:
pki csr test1 CN:example.exampledemo.com
subjectAltName:exampledemo.com
pki csr test1 CN:example.exampledemo.com
C:US L:Purcellville O:Example OU:Support
ST:Virginia subjectAltName:exampledemo.com
pki csr test3 CN:example.exampledemo.com
C:US L:Purcellville O:Example OU:Support
ST:VirginiasubjectAltName:exampledemo.com,
192.168.1.25,xmpp.exampledemo.com,
server.exampledemo.com,join.exampledemo.com,
test.exampledemo.com
Keep the size of certificates and the number of certificates in the
chain to a minimum; otherwise TLS handshake round trip times will
become long.
chain to a minimum; otherwise TLS handshake round trip times will
become long.
pki selfsigned <key/cert
basename>
basename>
For quick testing and debugging, self-signed certificates
(
(
) can be
generated.
<key/cert basename> identifies the key and certificate which will be
generated e.g. "pki selfsigned new" creates new.key and new.crt
(which is self-signed).
generated e.g. "pki selfsigned new" creates new.key and new.crt
(which is self-signed).
5 Provisioning with Certificates