Viewing CSR and Certificate Details (CLI)

Use this procedure to view CSR and certificate details.

A system certificate can be an automatically-generated domain- or IP-address-based certificate, an automatically-generated ASN-based certificate, or a CA-signed certificate.

1. Go to configuration settings certificates system.
2. Enter the list command.

   If you have not deleted them, you should see at least one automatically generated certificate based on the domain or IP address, and exactly one automatically generated certificate based on the Appliance Serial Number (ASN) UUID.

   hostname:configuration settings certificates system> list
   CERT     TYPE SUBJECT COMMON NAME   ISSUER COMMON NAME     NOT AFTER
   cert-002 cert alice.example.com...  alice.example.com...   2038-1-19
   cert-001 cert 17f5fdce-6d64-4736... 17f5fdce-6d64-4736-... 2038-1-19

3. Use the get command to view the details of a CSR or certificate.

   • The following is an example of an automatically generated conventional certificate.

     hostname:configuration settings certificates system> select cert-002
     hostname:configuration settings certificates system cert-002> get
                   uuid = uuid
     subject_commonname = alice.example.com
      issuer_commonname = alice.example.com
                    dns = alice.example.com,alice,ip-addr
                     ip = 192.0.2.2
                    uri = https://alice.example.com:215,https://alice:215,https://ip-addr
                comment = Automatically generated
              notbefore = 2006-2-15 18:00
               notafter = 2038-1-19 03:14:07
           serialnumber = 59:8A:73:7B:00:00:00:27
        sha1fingerprint = 0A:14:26:ED:C7:43:0D:30:33:98:87:24:C5:9B:A2:52:55:FE:B1:D7
               key_type = RSA
               key_bits = 2048

   • The following is an example of a CSR.

                            uuid = uuid
              subject_commonname = alice.example.com
        subject_organizationname = Example Corp, Inc
            subject_localityname = Exampleton
     subject_stateorprovincename = CA
             subject_countryname = US
                             dns = alice.example.com
                              ip = 192.0.2.2
                        key_type = EC
                        key_bits = 256
                       key_curve = prime256v1 / P-256

   • The following is the CA-signed certificate that results from the preceding CSR.

                            uuid = uuid
              subject_commonname = alice.example.com
        subject_organizationname = Example Corp, Inc
            subject_localityname = Exampleton
     subject_stateorprovincename = CA
             subject_countryname = US
               issuer_commonname = Most Trusted Certificate
         issuer_organizationname = Totally Trustworthy Certificates, Inc
             issuer_localityname = Trustville
      issuer_stateorprovincename = AK
              issuer_countryname = US
                             dns = alice.example.com
                              ip = 192.0.2.2
                       notbefore = 2021-3-16 17:51:19
                        notafter = 2027-3-15 08:32:00
                    serialnumber = 4F
                 sha1fingerprint = 62:FB:29:84:8C:3E:0E:C6:D2:49:88:38:F2:53:12:8D:A5:F9:96:88
                        key_type = EC
                        key_bits = 256
                       key_curve = prime256v1 / P-256