Generates a private key and CSR.
or
Generates a private key and self-signed certificate.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
syslog remotehost cert gen [<ipaddress>] [-startdate <startdate>] [-days <days>] [-country <iso_country_code>] [-state <name_of_state_province_region>] [-location <city_name>] [-organization <organization_legal_name>] [-orgunit <division_within_org>] [-email <contact_email_address>] [-san <SAN>] [-keysize <size>] [-keytype <key_type>] [-curve <curve_name>] [-csr][ -force ]
| Argument(s) | Shortcut | Description |
|---|---|---|
| . | . <ipaddress> | Generates a CSR, or the self-signed client certificate client_syslog.pem in the file-space of the user that generated the cert Default: 1.2.3.4 |
| -startdate <startdate> | -star |
Certificate start date(not available with -csr) (0-99991231). |
| -days <days> | -d | Certificate validity days (1-3653) |
| -country <country code> | -co | The country in which your organization is located, entered as a two-letter ISO code. |
| -state <State/Region/Province (full name)> | -stat | The state or region in which your organization is located.(Example Québec) |
| -location <city name> | -l | The city in which your organization is located. |
| -organization | -orga | The full legal name of your organization, including suffixes such as LLC, Corp, etc. |
| -orgunit | -orgu | The division in your organization that deals with this certificate. |
| -e | Email address used to contact the owner. | |
| -san <subject alternative name> | -sa | In addition to the FQDN if you intend to support other subdomains |
| -keysize <size> | -keys | RSA key size: Default: 2048 (choose among 2048,3072,4096) |
| -keytype <keytype> | -keyt |
Key type (ecc,rsa) |
| -curve <curve_name> | -cu | Elliptic Curve name Supported values: secp256k1, secp384r1, secp521r1, prime256v1 Default: secp384r1 |
| -csr | -cs | Generate CSR - client certificate request file client_syslog_csr.csr in the file-space of the user that generated the cert request |
| -force | -f |
Deletes the installed certificate without warning the user if it already exists. |
An error is shown if CSR generation fails, or if certificate generation fails.
Disallowed option combinations
Do not included the -curve option if the -keytype is "rsa".
Do not included the -keysize option if the -keytype is "ecc".
Example
lunash:>syslog remotehost cert gen 10.124.79.157 -csr -startdate 20230410 -days 10 -country CA -state ON -organization Thales -orgunit dis -location OT -email example@thales.com Command Result : 0 (Success)
.
