ZyXEL Communications Security Camera 3.1 ユーザーズマニュアル

Chapter 32 Certificates

ZyWALL (ZLD) CLI Reference Guide

The following table lists the commands that you can use to display and manage the ZyWALL’s 
summary list of certificates and certification requests. You can also create certificates or 
certification requests. Use the 

configure terminal

 command to enter the configuration mode to 

be able to use these commands.

Identify the company or group to which the certificate owner belongs. You can use 
up to 31 characters. You can use alphanumeric characters, the hyphen and the 
underscore.

Identify the nation where the certificate owner is located. You can use up to 31 
characters. You can use alphanumeric characters, the hyphen and the underscore.

Type a number to determine how many bits the key should use (512 to 2048). The 
longer the key, the more secure it is. A longer key also uses more PKI storage space.

When you have the ZyWALL enroll for a certificate immediately online, the 
certification authority may want you to include a key (password) to identify your 
certification request. Use up to 31 of the following characters. a-zA-Z0-
9;|`~!@#$%^&*()_+\{}':,./<>=-

When you have the ZyWALL enroll for a certificate immediately online, you must 
have the certification authority’s certificate already imported as a trusted certificate. 
Specify the name of the certification authority’s certificate. It can be up to 31 
alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=-

 

characters.

When you have the ZyWALL enroll for a certificate immediately online, enter the IP 
address (or URL) of the certification authority server. You can use up to 511 of the 
following characters. a-zA-Z0-9'()+,/:.=?;!*#@$_%-

Certificates Commands Input Values (continued)

ca Commands Summary

ca enroll cmp name certificate_name cn-type {ip cn 

cn_address|fqdn cn cn_domain_name|mail cn cn_email} 

[ou organizational_unit] [o organization] [c country] 

key-type {rsa|dsa} key-len key_length num 

<0..99999999> password password ca ca_name url url;

Enrolls a certificate with a CA using Certificate 
Management Protocol (CMP). The certification authority 
may want you to include a reference number and key 
(password) to identify your certification request. 

ca enroll scep name certificate_name cn-type {ip cn 

cn_address|fqdn cn cn_domain_name|mail cn cn_email} 

[ou organizational_unit] [o organization] [c country] 

key-type {rsa|dsa} key-len key_length password 

password ca ca_name url url

Enrolls a certificate with a CA using Simple Certificate 
Enrollment Protocol (SCEP). The certification authority 
may want you to include a key (password) to identify your 
certification request. 

ca generate pkcs10 name certificate_name cn-type {ip 

cn cn_address|fqdn cn cn_domain_name|mail cn 

cn_email} [ou organizational_unit] [o organization] 

[c country] key-type {rsa|dsa} key-len key_length

Generates a PKCS#10 certification request.

ca generate pkcs12 name name password password

Generates a PKCS#12 certificate.

ca generate x509 name certificate_name cn-type {ip cn 

cn_address|fqdn cn cn_domain_name|mail cn cn_email} 

[ou organizational_unit] [o organization] [c country] 

key-type {rsa|dsa} key-len key_length

Generates a self-signed x509 certificate.

ca rename category {local|remote} old_name new_name

Renames a local (my certificates) or remote (trusted 
certificates) certificate.