Skip to main content

certificate

The certificate command is used to manage the system’s certificates that are used to establish TLS connections to the audit server as well as to secure HTTPS sessions.

Note

The certificate command can only be used by an administrator.

The autocert file is a default certificate file, generated when the IP address is changed from factory settings, or when an audit or an HTTPS session starts with no selected certificate.

Synopsis

certificate name/all get 
certificate name/all list
certificate name view
certificate name create [sign=self] [subject=query]
certificate name delete [type=id]
certificate name import infile= [type=id] [fmt=auto]
certificate name select
certificate name verify

Actions

ActionDescription

get

Displays the information for the specified certificate or all certificates, including certificate name, type, signature, subject, issuer, expiration, and fingerprint.

list

Lists the specified certificate or all certificates installed on the encoder, including the type and name.

view

Displays the content of the named certificate file.

create

Generates a Self-signed certificate or a Certificate Signing Request. The sign and subject can be specified. See Parameters below.

delete

Deletes the selected certificate. The type can be specified. See Parameters below.

Note

The type specification may be added to specify the deletion of the Identity certificate, the chain associated with it, or the CA certificate with the given name.

import

Imports a certificate to be installed on the device. The infile, i.e., the file to import the certificate from, must be provided. The file’s type and format can also be specified. See Parameters below.

select

Selects the certificate used when establishing a TLS connection with the audit server or starting an HTTPS session.

verify

Verifies the validity of the specified certificate.

Parameters

ParameterDefaultDescription/Values
sign

self

The signature type for the certificate:

  • self: Creates a self-signed identity certificate.
  • Request: Creates an identity Certificate Signing Request (CSR)
subject

query 

 Sets the certificate's distinguished name parameters:

  • auto: Automatically gets the subject Common Name which is HOSTNAME.DOMAIN if DNS is configured, or IPADDR otherwise. The subject Alt Name is set to DNS:HOSTNAME.DOMAIN, DNS:HOSTNAME,IPAddress:IPADDR
  • query: Prompts the user for Distinguished Name (DN) attributes
  • DN: Distinguished Name in the form: "/C=US/ST=Maine..." where the most common attributes are:
    /C Two Letter Country Name
    /ST State or Province Name
    /L Locality Name
    /O Organization Name
    /OU Organizational Unit Name
    /CN Common Name
type

id

The type of certificate to either import or generate:

Note

Only ID certificates can be generated. Chain and CA certificates can only be imported.
  • id: Identity certificate (for HTTPS service and audit (syslog client))
  • chain: Identity certificate CA chain (Import only)
  • ca: Certificate Authority Certificate (for peer certificate validation, Import only)

fmt

auto

The format in which the certificate is encrypted:

  • auto: Detects the certificate format based on file extension when importing.
  • pem: Privacy Enhanced Mail Base64 encoded DER certificate
  • p7: PKCS#7
  • p12: PKCS#12
  • pfx: PKCS#12
  • der: Distinguish Encoding Rules

infile

N/A

The name of the file to import.

Note

The administrator has previously downloaded/uploaded the certificate file to import in its home directory (using SCP, for example).

Examples

# certificate all get

Returns the certificate information for the Makito X4.

Certificate Name    : autocert (default)
Type : id
Signature : Self-signed
Subject : test.haivision.com
Issuer : test.haivision.com
Expiration : Feb 13 18:54:26 2029 GMT
Fingerprint : md5:70:AC:75:C5:B4:5E:C8:51:1C:13:CA:9E:E2:CB:EF:E3
X509v3 Subject Alternative Names:
DNS : test.haivision.com
IP Address : 10.65.11.148

Certificate Name : cert1
Type : id
Signature : Self-signed
Subject : MX4-test
Issuer : MX4-test
Expiration : Aug 3 18:31:37 2022 GMT
Fingerprint : md5:45:5B:7E:C2:BF:D6:6E:9F:32:B9:7F:BE:73:E1:3F:DC
X509v3 Subject Alternative Names:
DNS : MX4-test
IP Address : 10.65.135.35

Certificate Name : cert2
Type : id
Signature : Request not signed
Subject : QA-test
Issuer : Request not signed
Expiration : No expiration date is set before certificate is signed.
Fingerprint : md5:75:85:8d:ec:82:61:6d:11:be:fe:28:45:d6:2d:68:00



Related Topics

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.