TMS zl Management and Configuration Guide ST.1.2.100916
Command-Line Reference
Global Configuration Context
Note: The subject name or one of the alternate names must match these settings:
■ The local ID in IKE policies that use this certificate
■ The remote ID in IKE policies on remote tunnel endpoints that verify this certificate
The name must match in both type and value. For example, if you have typed TMS.company123.com for Subject Name in the certificate request, the local ID on the module and the remote ID on the remote tunnel endpoint must use these settings:
■ Type = Distinguished Name
■ Value = /CN=TMS.company123.com
If you added a subject alternate name, you could specify those settings instead—for example, IP Address for Type and 10.1.1.1 for Value.
For example:
hostswitch(tms-module-<slot ID>:config)# certificates generate private-key id key1 algorithm dsa size-512
hostswitch(tms-module-<slot ID>:config)# certificates generate request cert1 signature rsa-md5 private-key id id1 subject tms.com alternative-names ip-addr-1 1.2.3.4 domain-1 x.com domain-2 y.com email-id-1 user@hp.com
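
The Note above requires each IKE local or remote ID to match a certificate name in both type and value. The following is an added example, not part of the original guide or the module's software: a pre-deployment check that compares planned IKE IDs against the names entered in a certificate request. The sample data is constructed, the type labels "Domain Name" and "Email Address" are assumed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: names entered in a certificate request.
# Type labels other than "Distinguished Name" and "IP Address" are assumed.
CERT_NAMES = [
    ("Distinguished Name", "/CN=TMS.company123.com"),
    ("IP Address", "10.1.1.1"),
    ("Domain Name", "x.com"),
    ("Email Address", "user@hp.com"),
]
# Constructed sample: (policy label, ID type, ID value) from planned IKE policies.
POLICIES = [
    ("site-a local ID", "Distinguished Name", "/CN=TMS.company123.com"),
    ("site-b remote ID", "Distinguished Name", "/CN=tms.company123.com"),
    ("site-c remote ID", "Domain Name", "10.1.1.1"),
    ("site-d remote ID", "IP Address", "10.1.1.2"),
]


def _canon(id_type, value):
    """Trim whitespace; put IP addresses into one canonical text form."""
    value = value.strip()
    if id_type == "IP Address":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            pass  # malformed address: compare it as typed
    return value


def check_ike_id(id_type, id_value, cert_names=CERT_NAMES):
    """Classify an IKE ID as match, case-differs, type-mismatch or no-match."""
    want = _canon(id_type, id_value)
    verdict = "no-match"
    for cert_type, cert_value in cert_names:
        have = _canon(cert_type, cert_value)
        if cert_type == id_type and have == want:
            return "match"
        if cert_type == id_type and have.lower() == want.lower():
            # The guide does not say whether comparison ignores case: flag it.
            verdict = "case-differs"
        elif have.lower() == want.lower() and verdict == "no-match":
            verdict = "type-mismatch"  # right value, wrong ID type
    return verdict


def audit(policies):
    """Return (policy label, verdict) for every ID that is not an exact match."""
    return [(n, v) for n, t, val in policies if (v := check_ike_id(t, val)) != "match"]
```
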
certificates import
Use this command to install certificates on the TMS zl Module over FTP, TFTP, or SCP. (These certificates are necessary for the module to use DSA or RSA signatures for the IKE authentication method.)
Enter the following command to retrieve the CA certificate, IPsec certificate, CRLs, and private keys:
Syntax: certificates import < ca | ipsec-cert | crl | private-key id <ID> > < ftp | scp > <server address> <filename> user <username>
Syntax: certificates import < ca | ipsec-cert | crl | private-key id <ID> > tftp <server address> <filename>
Replace <ID> with a string between 1 and 31 alphanumeric characters. The string must be unique to the private key you are importing.
Replace <server address> with the IP address for your server.