Skip to main content

_certificate_CLI MK4 cmd

The certificate command is used to manage the system’s certificates that are used to establish TLS connections to the audit server as well as to secure HTTPS sessions.


The certificate command can only be used by an administrator.

The autocert file is a default certificate file, generated when the IP address is changed from factory settings, or when an audit or an HTTPS session starts with no selected certificate.


certificate name/all get 
certificate name/all list
certificate name view
certificate name create [sign=self] [subject=query]
certificate name delete [type=id]
certificate name import infile= [type=id] [fmt=auto]
certificate name select
certificate name verify




Displays the information for the specified certificate or all certificates, including certificate name, type, signature, subject, issuer, expiration, and fingerprint.


Lists the specified certificate or all certificates installed on the encoder, including the type and name.


Displays the content of the named certificate file.


Generates a Self-signed certificate or a Certificate Signing Request. The sign and subject can be specified. See Parameters below.


Deletes the selected certificate. The type can be specified. See Parameters below.


The type specification may be added to specify the deletion of the Identity certificate, the chain associated with it, or the CA certificate with the given name.


Imports a certificate to be installed on the device. The infile, i.e., the file to import the certificate from, must be provided. The file’s type and format can also be specified. See Parameters below.


Selects the certificate used when establishing a TLS connection with the audit server or starting an HTTPS session.


Verifies the validity of the specified certificate.




The signature type for the certificate:

  • self: Creates a self-signed identity certificate.
  • Request: Creates an identity Certificate Signing Request (CSR)


 Sets the certificate's distinguished name parameters:

  • auto: Automatically gets the subject Common Name which is HOSTNAME.DOMAIN if DNS is configured, or IPADDR otherwise. The subject Alt Name is set to DNS:HOSTNAME.DOMAIN, DNS:HOSTNAME,IPAddress:IPADDR
  • query: Prompts the user for Distinguished Name (DN) attributes
  • DN: Distinguished Name in the form: "/C=US/ST=Maine..." where the most common attributes are:
    /C Two Letter Country Name
    /ST State or Province Name
    /L Locality Name
    /O Organization Name
    /OU Organizational Unit Name
    /CN Common Name


The type of certificate to either import or generate:


Only ID certificates can be generated. Chain and CA certificates can only be imported.
  • id: Identity certificate (for HTTPS service and audit (syslog client))
  • chain: Identity certificate CA chain (Import only)
  • ca: Certificate Authority Certificate (for peer certificate validation, Import only)



The format in which the certificate is encrypted:

  • auto: Detects the certificate format based on file extension when importing.
  • pem: Privacy Enhanced Mail Base64 encoded DER certificate
  • p7: PKCS#7
  • p12: PKCS#12
  • pfx: PKCS#12
  • der: Distinguish Encoding Rules



The name of the file to import.


The administrator has previously downloaded/uploaded the certificate file to import in its home directory (using SCP, for example).


# certificate all get

Returns the certificate information for the Makito X4.

Certificate Name    : autocert (default)
Type : id
Signature : Self-signed
Subject :
Issuer :
Expiration : Feb 13 18:54:26 2029 GMT
Fingerprint : md5:70:AC:75:C5:B4:5E:C8:51:1C:13:CA:9E:E2:CB:EF:E3
X509v3 Subject Alternative Names:
IP Address :

Certificate Name : cert1
Type : id
Signature : Self-signed
Subject : MX4-test
Issuer : MX4-test
Expiration : Aug 3 18:31:37 2022 GMT
Fingerprint : md5:45:5B:7E:C2:BF:D6:6E:9F:32:B9:7F:BE:73:E1:3F:DC
X509v3 Subject Alternative Names:
DNS : MX4-test
IP Address :

Certificate Name : cert2
Type : id
Signature : Request not signed
Subject : QA-test
Issuer : Request not signed
Expiration : No expiration date is set before certificate is signed.
Fingerprint : md5:75:85:8d:ec:82:61:6d:11:be:fe:28:45:d6:2d:68:00

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.