certificate-record
This configuration element configures certificate records for TLS support.
Parameter
- name
- The name of this certificate record object.
- country
- Enter the name of the locality for the state
- Default: US
- state
- Enter the name of the locality for the state
- Default: MA
- locality
- Enter the name of the organization holding the certificate
- Default: Burlington
- organization
- Enter the name of the organization holding the certificate
- Default: Engineering
- unit
- Enter the name of the unit for holding the certificate within the organization.
- common-name
- Enter the common name for the certificate record.
- key-size
- Set the size of the key for the certificate.
- Default: 2048
- Values: 512 | 1024 | 2048 (on systems with appropriate hardware)
- alternate-name
- The alternate name of the certificate holder which can be
expressed as an IP address, DNS host, or email address. Configure this
parameter using the following syntax to express each of these 3 forms.
- IP:<IP address>
- DNS:<DNS IP address/domain>
- email:<email address>
- trusted
- Enable or disable trust of this certificate
- Default: enabled
- Values: enabled | disabled
- key-usage-list
- Enter the usage extensions to use with this certificate record;
can be configured with multiple values.
- Default: digitalSignature and keyEncipherment
- extended-key-usage-list
- Enter the extended key usage extensions you want to use with
this certificate record.
- Default: serverAuth
Path
certificate-record is an element under the security path. The full path from the topmost prompt is: .