Viewing CSR and Certificate Details (CLI)

Use this procedure to view CSR and certificate details.

A system certificate can be an automatically-generated domain- or IP-address-based certificate, an automatically-generated ASN-based certificate, or a CA-signed certificate.

  1. Go to configuration settings certificates system.
  2. Enter the list command.

    If you have not deleted them, you should see at least one automatically generated certificate based on the domain or IP address, and exactly one automatically generated certificate based on the Appliance Serial Number (ASN) UUID.

    hostname:configuration settings certificates system> list
    CERT     TYPE SUBJECT COMMON NAME   ISSUER COMMON NAME     NOT AFTER
    cert-002 cert alice.example.com...  alice.example.com...   2038-1-19
    cert-001 cert 17f5fdce-6d64-4736... 17f5fdce-6d64-4736-... 2038-1-19
  3. Use the get command to view the details of a CSR or certificate.
    • The following is an example of an automatically generated conventional certificate.

      hostname:configuration settings certificates system> select cert-002
      hostname:configuration settings certificates system cert-002> get
                    uuid = uuid
      subject_commonname = alice.example.com
       issuer_commonname = alice.example.com
                     dns = alice.example.com,alice,ip-addr
                      ip = 192.0.2.2
                     uri = https://alice.example.com:215,https://alice:215,https://ip-addr
                 comment = Automatically generated
               notbefore = 2006-2-15 18:00
                notafter = 2038-1-19 03:14:07
            serialnumber = 59:8A:73:7B:00:00:00:27
         sha1fingerprint = 0A:14:26:ED:C7:43:0D:30:33:98:87:24:C5:9B:A2:52:55:FE:B1:D7
                key_type = RSA
                key_bits = 2048
    • The following is an example of a CSR.

                             uuid = uuid
               subject_commonname = alice.example.com
         subject_organizationname = Example Corp, Inc
             subject_localityname = Exampleton
      subject_stateorprovincename = CA
              subject_countryname = US
                              dns = alice.example.com
                               ip = 192.0.2.2
                         key_type = EC
                         key_bits = 256
                        key_curve = prime256v1 / P-256
    • The following is the CA-signed certificate that results from the preceding CSR.

                             uuid = uuid
               subject_commonname = alice.example.com
         subject_organizationname = Example Corp, Inc
             subject_localityname = Exampleton
      subject_stateorprovincename = CA
              subject_countryname = US
                issuer_commonname = Most Trusted Certificate
          issuer_organizationname = Totally Trustworthy Certificates, Inc
              issuer_localityname = Trustville
       issuer_stateorprovincename = AK
               issuer_countryname = US
                              dns = alice.example.com
                               ip = 192.0.2.2
                        notbefore = 2021-3-16 17:51:19
                         notafter = 2027-3-15 08:32:00
                     serialnumber = 4F
                  sha1fingerprint = 62:FB:29:84:8C:3E:0E:C6:D2:49:88:38:F2:53:12:8D:A5:F9:96:88
                         key_type = EC
                         key_bits = 256
                        key_curve = prime256v1 / P-256