admin commands
The admin commands are used to perform administrative functions, such as displaying configuration that is not subject to AAA, manually saving the configuration, clearing user sessions, and rebooting the system.
admin
— clear
— security
— lockout
— all
— user named-item
— password-history
— all
— user named-item
— disconnect
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— op-table-bypass boolean
— session-id number
— session-type keyword
— username named-item
— ipsec
— show
— key
— gateway named-item
— ip-tunnel interface-name
— ipsec-tunnel named-item
— peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— peer-tunnel-port number
— type keyword
— nat
— save-deterministic-script
— reboot
— [card] keyword
— hold
— now
— redundancy
— force-switchover
— now
— synchronize
— boot-environment
— certificate
— configuration
— save
— bof
— cleartext
— configure
— debug
— [url] string
— set
— time
— [system-time] date-and-time
— show
— configuration
— bof
— booted
— cflash-id cflash-id
— [cli-path] cli-path-type
— configure
— debug
— depth number
— detail
— flat
— full-context
— inheritance
— intended
— json
— running
— units
— xml
— support-mode
— disable
— kernel
— password encrypted-leaf
— shell
— password encrypted-leaf
— system
— license
— activate
— [file-url] string
— now
— clear
— now
— validate
— [file-url] string
— management-interface
— commit
— confirmed
— accept
— cancel
— operations
— delete-operation
— [delete-id] number
— op-table-bypass boolean
— stop-operation
— op-table-bypass boolean
— [stop-id] number
— security
— hash-control
— custom-hash
— algorithm keyword
— key string
— remove-custom-hash
— os-security
— anti-theft
— activate
— card reference
— force
— password string
— deactivate
— card reference
— force
— password string
— unlock
— password string
— remove-password
— force
— password string
— set-password
— current-password anti-theft-password-cleartext
— force
— new-password anti-theft-password-cleartext
— pki
— clear-ocsp-cache
— [entry-id] number
— cmpv2
— cert-request
— ca-profile reference
— current-certificate pki-file-name
— current-key pki-file-name
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— new-key pki-file-name
— save-as cflash-url
— subject-dn string
— clear-request
— ca-profile reference
— initial-registration
— ca-profile reference
— certificate pki-file-name
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key-to-certify pki-file-name
— password string
— protection-key pki-file-name
— reference string
— save-as cflash-url
— send-chain
— subject-dn string
— with-ca reference
— key-update
— ca-profile reference
— hash-algorithm keyword
— new-key pki-file-name
— old-certificate pki-file-name
— old-key pki-file-name
— save-as cflash-url
— poll
— ca-profile reference
— convert-file
— force
— format keyword
— [input-file] pki-file-name
— [output-file] pki-file-name
— crl-update
— ca-profile reference
— est
— ca-certificates
— est-profile string
— force
— output-url cflash-url
— enroll
— domain-name string
— est-profile string
— force
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key cflash-url
— output-file pki-file-name
— subject-dn string
— validate-certificate-chain
— renew
— certificate cflash-url
— est-profile string
— force
— hash-algorithm keyword
— key cflash-url
— output-file pki-file-name
— validate-certificate-chain
— export
— format keyword
— input-file pki-file-name
— key-file pki-file-name
— output-url cflash-url
— password string
— type keyword
— generate-csr
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key-url cflash-url
— output-url cflash-url
— subject-dn string
— use-printable
— generate-keypair
— dsa-key-size number
— ecdsa-curve keyword
— rsa-key-size number
— [save-path] cflash-url
— import
— format keyword
— input-url cflash-url
— output-file pki-file-name
— password string
— type keyword
— validate-certificate-chain
— reload
— application keyword
— certificate pki-file-name
— key pki-file-name
— show
— file-content
— [file-path] cflash-url
— format keyword
— password string
— type keyword
— update-certificate
— certificate reference
— secure-boot
— activate
— card reference
— confirmation-code string-not-all-spaces
— serial-number string-not-all-spaces
— revoke-key
— card reference
— confirmation-code string-not-all-spaces
— serial-number string-not-all-spaces
— update-key
— card reference
— confirmation-code string-not-all-spaces
— serial-number string-not-all-spaces
— software-image cflash-and-url
— validate
— software-image cflash-and-url
— system-password
— admin-password
— telemetry
— grpc
— cancel
— all
— subscription-id number
— tech-support
— [url] url
admin command descriptions
admin
clear
security
lockout
all
user named-item
password-history
Synopsis | Clear the password history | |
Context | admin clear security password-history | |
Tree | password-history | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
all
user named-item
disconnect
Synopsis | Disconnect a user session | |
Context | admin disconnect | |
Tree | disconnect | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address of the session to disconnect | |
Context | admin disconnect address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | address | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin disconnect op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
session-id number
Synopsis | ID of the session to disconnect | |
Context | admin disconnect session-id number | |
Tree | session-id | |
Range | 1 to 4294967295 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
session-type keyword
Synopsis | Type of session to disconnect | |
Context | admin disconnect session-type keyword | |
Tree | session-type | |
Options | ||
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
username named-item
Synopsis | Username to disconnect | |
Context | admin disconnect username named-item | |
Tree | username | |
String length | 1 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipsec
show
key
gateway named-item
ip-tunnel interface-name
Synopsis | IPsec transport mode IP tunnel name | |
Context | admin ipsec show key ip-tunnel interface-name | |
Tree | ip-tunnel | |
String length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipsec-tunnel named-item
Synopsis | IPsec tunnel name | |
Context | admin ipsec show key ipsec-tunnel named-item | |
Tree | ipsec-tunnel | |
String length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | Dynamic tunnel IP address | |
Context | admin ipsec show key peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | peer-tunnel-ip-address | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
peer-tunnel-port number
Synopsis | Dynamic tunnel port | |
Context | admin ipsec show key peer-tunnel-port number | |
Tree | peer-tunnel-port | |
Range | 0 | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
type keyword
nat
save-deterministic-script
Synopsis | Save script that computes deterministic NAT map entries | |
Context | admin nat save-deterministic-script | |
Tree | save-deterministic-script | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
reboot
[card] keyword
hold
now
redundancy
Synopsis | Enter the redundancy context | |
Context | admin redundancy | |
Tree | redundancy | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force-switchover
Synopsis | Force a switchover to the standby CPM | |
Context | admin redundancy force-switchover | |
Tree | force-switchover | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
now
Synopsis | Force the switchover to the standby CPM immediately | |
Context | admin redundancy force-switchover now | |
Tree | now | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
synchronize
Synopsis | Synchronize the standby CPM | |
Context | admin redundancy synchronize | |
Tree | synchronize | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
boot-environment
Synopsis | Synchronize all files required for the boot process | |
Context | admin redundancy synchronize boot-environment | |
Tree | boot-environment | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
certificate
Synopsis | Synchronize imported certificate, key, and CRL files | |
Context | admin redundancy synchronize certificate | |
Tree | certificate | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
configuration
Synopsis | Synchronize the configuration files | |
Context | admin redundancy synchronize configuration | |
Tree | configuration | |
Description | When specified, the system synchronizes the primary, secondary, and tertiary configuration files. | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
save
bof
cleartext
configure
debug
[url] string
set
time
[system-time] date-and-time
Synopsis | System date and time | |
Context | admin set time [system-time] date-and-time | |
Tree | [system-time] | |
Description | This command sets the system date and time. The time zone may optionally be specified. When the time zone is not specified, the system uses the configured system time zone. | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
show
configuration
Synopsis | Show the current configuration | |
Context | admin show configuration | |
Tree | configuration | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
bof
Synopsis | Show the BOF region configuration | |
Context | admin show configuration bof | |
Tree | bof | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
booted
Synopsis | Show the booted BOF configuration | |
Context | admin show configuration booted | |
Tree | booted | |
Notes | The following elements are part of a choice: booted or cflash-id. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
cflash-id cflash-id
Synopsis | Show the BOF configuration file on a compact flash | |
Context | admin show configuration cflash-id cflash-id | |
Tree | cflash-id | |
String length | 4 to 6 | |
Notes | The following elements are part of a choice: booted or cflash-id. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[cli-path] cli-path-type
Synopsis | Absolute path or relative path from '/' | |
Context | admin show configuration [cli-path] cli-path-type | |
Tree | [cli-path] | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
configure
Synopsis | Show the configure region configuration | |
Context | admin show configuration configure | |
Tree | configure | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
debug
Synopsis | Show the debug region configuration | |
Context | admin show configuration debug | |
Tree | debug | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
depth number
Synopsis | Depth limit from the pwc | |
Context | admin show configuration depth number | |
Tree | depth | |
Range | 1 to 4294967040 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
detail
Synopsis | Include default and unconfigured values | |
Context | admin show configuration detail | |
Tree | detail | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
flat
Synopsis | Show the context from the pwc on each line | |
Context | admin show configuration flat | |
Tree | flat | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
full-context
Synopsis | Show the full context on each line | |
Context | admin show configuration full-context | |
Tree | full-context | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
inheritance
Synopsis | Include configuration inherited from configuration groups | |
Context | admin show configuration inheritance | |
Tree | inheritance | |
Description | This option specifies the inclusion of configuration inherited from configuration groups in the output. This option should only be used in the configure region when configuration groups are used. The output with this option is the same as admin show configuration when used in other configuration regions. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
intended
Synopsis | Show the intended configuration | |
Context | admin show configuration intended | |
Tree | intended | |
Notes | The following elements are part of a choice: intended or running. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
json
Synopsis | Show the output in indented JSON format | |
Context | admin show configuration json | |
Tree | json | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
running
Synopsis | Show the running configuration | |
Context | admin show configuration running | |
Tree | running | |
Notes | The following elements are part of a choice: intended or running. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
units
Synopsis | Include unit types for applicable elements | |
Context | admin show configuration units | |
Tree | units | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
xml
Synopsis | Show the output in indented XML format | |
Context | admin show configuration xml | |
Tree | xml | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
support-mode
Synopsis | Enable technical support commands | |
Context | admin support-mode | |
Tree | support-mode | |
Description | Commands in this context enable the kernel and shell commands used only by Nokia technical support for troubleshooting. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
disable
Synopsis | Disable technical support commands | |
Context | admin support-mode disable | |
Tree | disable | |
Description | This command disables the kernel and shell commands used only by Nokia technical support for troubleshooting. | |
Notes | The following elements are part of a choice: disable, kernel, or shell. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
kernel
Synopsis | Kernel command password | |
Context | admin support-mode kernel | |
Tree | kernel | |
Description | This command allows Nokia technical support to access the kernel commands. The kernel commands are used only by Nokia technical support for troubleshooting. | |
Notes | The following elements are part of a choice: disable, kernel, or shell. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password encrypted-leaf
Synopsis | Kernel command password | |
Context | admin support-mode kernel password encrypted-leaf | |
Tree | password | |
Description | This command specifies the password to access kernel commands. This command is used only by Nokia technical support for troubleshooting. | |
String length | 1 to 199 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
shell
Synopsis | Shell command password | |
Context | admin support-mode shell | |
Tree | shell | |
Description | This command allows Nokia technical support to access the shell commands. The shell commands are used only by Nokia technical support for troubleshooting. | |
Notes | The following elements are part of a choice: disable, kernel, or shell. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password encrypted-leaf
Synopsis | Shell command password | |
Context | admin support-mode shell password encrypted-leaf | |
Tree | password | |
Description | This command specifies the password to access the shell commands. This command is used only by Nokia technical support for troubleshooting. | |
String length | 1 to 199 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
system
license
activate
[file-url] string
Synopsis | Location of the license file to activate | |
Context | admin system license activate [file-url] string | |
Tree | [file-url] | |
String length | 1 to 256 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
now
clear
now
validate
[file-url] string
Synopsis | Location of the license file to validate | |
Context | admin system license validate [file-url] string | |
Tree | [file-url] | |
String length | 1 to 256 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
management-interface
Synopsis | Enter the management-interface context | |
Context | admin system management-interface | |
Tree | management-interface | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
commit
Synopsis | Enter the commit context | |
Context | admin system management-interface commit | |
Tree | commit | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
confirmed
accept
cancel
operations
Synopsis | Enter the operations context | |
Context | admin system management-interface operations | |
Tree | operations | |
Description | Commands in this context are used to manage YANG-based operations (for example, admin reboot, or ping) in model-driven interfaces. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
delete-operation
Synopsis | Stop and remove an operation | |
Context | admin system management-interface operations delete-operation | |
Tree | delete-operation | |
Description | This command removes an operation and all status and data associated with it. If the operation was executing, it is stopped before removal. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[delete-id] number
Synopsis | ID of the operation to remove | |
Context | admin system management-interface operations delete-operation [delete-id] number | |
Tree | [delete-id] | |
Range | 1 to 10000 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin system management-interface operations delete-operation op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
stop-operation
Synopsis | Stop the execution of an operational command | |
Context | admin system management-interface operations stop-operation | |
Tree | stop-operation | |
Description | This command stops the execution of an operational command. An operation launched as "asynchronous" is not deleted from the system when it is stopped. Status and other data associated with the operation persist until the operation is explicitly deleted using the delete operation command or a retention timeout. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin system management-interface operations stop-operation op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[stop-id] number
Synopsis | ID of the operation to stop | |
Context | admin system management-interface operations stop-operation [stop-id] number | |
Tree | [stop-id] | |
Range | 1 to 10000 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
security
hash-control
Synopsis | Enter the hash-control context | |
Context | admin system security hash-control | |
Tree | hash-control | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
custom-hash
Synopsis | Custom encryption | |
Context | admin system security hash-control custom-hash | |
Tree | custom-hash | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
algorithm keyword
Synopsis | Algorithm for custom encryption | |
Context | admin system security hash-control custom-hash algorithm keyword | |
Tree | algorithm | |
Description | This command configures the algorithm for custom encryption. The encryption uses ECB mode, PKCS#7 padding, and Base64 encoding. | |
Options | 3des – DES-EDE3-ECB with PKCS #5 padding; aes128 – AES-128-ECB with PKCS #7 padding; aes192 – AES-192-ECB with PKCS #7 padding; aes256 – AES-256-ECB with PKCS #7 padding | |
Notes | This element is mandatory. | |
Platforms | 7705 SAR Gen 2 |
key string
Synopsis | Key for encryption algorithm | |
Context | admin system security hash-control custom-hash key string | |
Tree | key | |
String length | 1 to 71 | |
Notes | This element is mandatory. | |
Platforms | 7705 SAR Gen 2 |
remove-custom-hash
Synopsis | Remove the custom encryption | |
Context | admin system security hash-control remove-custom-hash | |
Tree | remove-custom-hash | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
os-security
Synopsis | Perform operating-system-level security operations | |
Context | admin system security os-security | |
Tree | os-security | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
anti-theft
Synopsis | Perform anti-theft operations | |
Context | admin system security os-security anti-theft | |
Tree | anti-theft | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
activate
Synopsis | Enable anti-theft for the specified CPM card | |
Context | admin system security os-security anti-theft activate | |
Tree | activate | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
card reference
Synopsis | CPM slot to apply anti-theft settings | |
Context | admin system security os-security anti-theft activate card reference | |
Tree | card | |
Reference | state cpm cpm-card-slot | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force
Synopsis | Proceed without further prompting from the system | |
Context | admin system security os-security anti-theft activate force | |
Tree | force | |
Description | When configured, this command ignores further prompts from the system. This command is required for non-interactive interfaces. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password string
Synopsis | Preconfigured anti-theft password | |
Context | admin system security os-security anti-theft activate password string | |
Tree | password | |
String length | 8 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
deactivate
Synopsis | Disable anti-theft for the specified CPM card | |
Context | admin system security os-security anti-theft deactivate | |
Tree | deactivate | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
card reference
Synopsis | CPM slot to apply anti-theft settings | |
Context | admin system security os-security anti-theft deactivate card reference | |
Tree | card | |
Reference | state cpm cpm-card-slot | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force
Synopsis | Proceed without further prompting from the system | |
Context | admin system security os-security anti-theft deactivate force | |
Tree | force | |
Description | When configured, this command ignores further prompts from the system. This command is required for non-interactive interfaces. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password string
Synopsis | Preconfigured anti-theft password | |
Context | admin system security os-security anti-theft deactivate password string | |
Tree | password | |
String length | 8 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
unlock
Synopsis | Disable anti-theft locking for the CPM | |
Context | admin system security os-security anti-theft unlock | |
Tree | unlock | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password string
Synopsis | Preconfigured anti-theft password | |
Context | admin system security os-security anti-theft unlock password string | |
Tree | password | |
String length | 8 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
remove-password
Synopsis | Remove the OS security password | |
Context | admin system security os-security remove-password | |
Tree | remove-password | |
Description | When configured, this command removes the OS security password. Any applications using the password must first be disabled before removing the password. Anti-theft must be deactivated to remove the OS security password. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force
Synopsis | Proceed without further prompting from the system | |
Context | admin system security os-security remove-password force | |
Tree | force | |
Description | When configured, this command ignores further prompts from the system. This command is required for non-interactive interfaces. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password string
Synopsis | Preconfigured anti-theft password | |
Context | admin system security os-security remove-password password string | |
Tree | password | |
String length | 8 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
set-password
Synopsis | Configure the password used to protect the system | |
Context | admin system security os-security set-password | |
Tree | set-password | |
Description | When configured, if no password was previously configured, a new password must be configured using the new-password command. If a password has already been configured, the user must enter the current-password. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
current-password anti-theft-password-cleartext
Synopsis | Existing OS security password | |
Context | admin system security os-security set-password current-password anti-theft-password-cleartext | |
Tree | current-password | |
String length | 8 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force
Synopsis | Proceed without further prompting from the system | |
Context | admin system security os-security set-password force | |
Tree | force | |
Description | When configured, this command ignores the requirement to enter the new-password twice. Configuring this command is required for non-interactive interfaces. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
new-password anti-theft-password-cleartext
Synopsis | New OS security password | |
Context | admin system security os-security set-password new-password anti-theft-password-cleartext | |
Tree | new-password | |
Description | This command configures the new OS security password. When configured, the user is prompted to reenter the new password. | |
String length | 8 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
pki
clear-ocsp-cache
Synopsis | Clear the current OCSP response cache | |
Context | admin system security pki clear-ocsp-cache | |
Tree | clear-ocsp-cache | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[entry-id] number
Synopsis | Local OCSP response cache entry ID to clear | |
Context | admin system security pki clear-ocsp-cache [entry-id] number | |
Tree | [entry-id] | |
Range | 1 to 2000 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
cmpv2
cert-request
Synopsis | Request an additional certificate | |
Context | admin system security pki cmpv2 cert-request | |
Tree | cert-request | |
Description | When specified, the system requests an additional certificate after the initial certificate has been obtained from the CA. The request is authenticated by a signature signed by the current key, along with the current certificate. The hash algorithm used for the signature depends on the key type:
The CA may not return a certificate immediately, for example, if the request process requires manual intervention. The poll command can be used to poll the status of the request. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 cert-request ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile named-item | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
current-certificate pki-file-name
Synopsis | Existing imported certificate file to create request | |
Context | admin system security pki cmpv2 cert-request current-certificate pki-file-name | |
Tree | current-certificate | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
current-key pki-file-name
Synopsis | Imported key file used to create the request | |
Context | admin system security pki cmpv2 cert-request current-key pki-file-name | |
Tree | current-key | |
Description | This command specifies the imported key file corresponding to the existing imported certificate file used to create the request. | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki cmpv2 cert-request domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String length | 1 to 512 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 cert-request hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki cmpv2 cert-request ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
new-key pki-file-name
save-as cflash-url
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki cmpv2 cert-request subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The value is a comma-separated list of the form attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String length | 1 to 256 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
clear-request
Synopsis | Clear pending CMPv2 requests | |
Context | admin system security pki cmpv2 clear-request | |
Tree | clear-request | |
Description | When specified, the system clears pending CMPv2 requests for the specified CA. If no requests are pending, the system clears the saved result of the previous request. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 clear-request ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile named-item | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
initial-registration
Synopsis | Request initial certificate using the CMPv2 protocol | |
Context | admin system security pki cmpv2 initial-registration | |
Tree | initial-registration | |
Description | When specified, the system requests the initial certificate from the CA using the CMPv2 initial registration procedure. The ca-profile parameter specifies a CA profile which includes CMP server information. The key-to-certify parameter is an imported key file to be certified by the CA. The request is authenticated via one of the following methods:
The subject-dn command specifies the subject of the requesting certificate. The save-as command specifies the full path name for saving the result certificate. The CA may not return the certificate immediately, for example, if the request process requires manual intervention. In such cases, the poll command can be used to poll the status of the request. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 initial-registration ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile named-item | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
certificate pki-file-name
Synopsis | Filename of the certificate for the protection key | |
Context | admin system security pki cmpv2 initial-registration certificate pki-file-name | |
Tree | certificate | |
String length | 1 to 95 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki cmpv2 initial-registration domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String length | 1 to 512 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 initial-registration hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki cmpv2 initial-registration ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
key-to-certify pki-file-name
Synopsis | Name of the key file used to create initial request | |
Context | admin system security pki cmpv2 initial-registration key-to-certify pki-file-name | |
Tree | key-to-certify | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password string
Synopsis | Password for message protection | |
Context | admin system security pki cmpv2 initial-registration password string | |
Tree | password | |
String length | 1 to 64 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
protection-key pki-file-name
Synopsis | Key file used to generate message protection signature | |
Context | admin system security pki cmpv2 initial-registration protection-key pki-file-name | |
Tree | protection-key | |
String length | 1 to 95 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
reference string
Synopsis | Password reference number | |
Context | admin system security pki cmpv2 initial-registration reference string | |
Tree | reference | |
String length | 1 to 64 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
save-as cflash-url
send-chain
Synopsis | Send a certificate chain | |
Context | admin system security pki cmpv2 initial-registration send-chain | |
Tree | send-chain | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki cmpv2 initial-registration subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The value is a comma-separated list of the form attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String length | 1 to 256 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
with-ca reference
Synopsis | Name of CA profile with certificate in the send chain | |
Context | admin system security pki cmpv2 initial-registration with-ca reference | |
Tree | with-ca | |
Reference | state system security pki ca-profile named-item | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
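The following is an added example, not part of this reference and not the system's own validation: a Python pre-flight check that applies the constraints listed above for initial-registration (mandatory elements, the message-protection choice, subject-dn attributes, SAN FQDNs and no-zone IP addresses) to a planned set of arguments. It assumes DN values contain no commas, attribute names are upper case as listed, and FQDN labels follow RFC 1123; all function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# Constraints taken from the initial-registration entries in this reference.
DN_ATTRS = {"C", "ST", "O", "OU", "CN"}
DN_MAX, SAN_DNS_MAX = 256, 512
MANDATORY = ("ca-profile", "key-to-certify")
CERT_CASE = {"certificate", "hash-algorithm", "protection-key", "send-chain", "with-ca"}
PASSWORD_CASE = {"password", "reference"}

# Assumption: RFC 1123 label syntax; the reference does not define FQDN syntax.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_subject_dn(value):
    """Check length and attr=val elements (assumes no commas inside values)."""
    problems = []
    if not 1 <= len(value) <= DN_MAX:
        problems.append(f"subject-dn length {len(value)} outside 1 to {DN_MAX}")
    for part in value.split(","):
        attr, sep, val = part.strip().partition("=")
        if not sep or not val.strip():
            problems.append(f"subject-dn element {part.strip()!r} is not attr=val")
        elif attr.strip() not in DN_ATTRS:
            problems.append(f"subject-dn attribute {attr.strip()!r} not in C|ST|O|OU|CN")
    return problems


def check_domain_names(value):
    """Check the comma-separated FQDN list used for the Subject Alternative Name."""
    problems = []
    if not 1 <= len(value) <= SAN_DNS_MAX:
        problems.append(f"domain-name length {len(value)} outside 1 to {SAN_DNS_MAX}")
    for name in value.split(","):
        name = name.strip()
        labels = name.rstrip(".").split(".")
        if len(name) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
            problems.append(f"domain-name entry {name!r} is not a fully qualified name")
    return problems


def check_ip_address(value):
    """The *-no-zone types exclude a zone suffix such as %eth0."""
    if "%" in value:
        return [f"ip-address {value!r} carries a zone identifier"]
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return [f"ip-address {value!r} is not an IPv4 or IPv6 address"]
    return []


def check_protection_choice(elements):
    """Elements must come from exactly one of the two message-protection groups."""
    used_cert = sorted(set(elements) & CERT_CASE)
    used_pw = sorted(set(elements) & PASSWORD_CASE)
    if used_cert and used_pw:
        return [f"mixes both choice groups: {used_cert} and {used_pw}"]
    if not used_cert and not used_pw:
        return ["no message-protection elements given (mandatory choice)"]
    return []


def preflight(args):
    """args maps element name to its planned value; returns a list of problems."""
    problems = check_protection_choice(args)
    problems += [f"{name} is mandatory" for name in MANDATORY if name not in args]
    checks = {"subject-dn": check_subject_dn,
              "domain-name": check_domain_names,
              "ip-address": check_ip_address}
    for name, check in checks.items():
        if name in args:
            problems += check(args[name])
    return problems


# Constructed sample inputs (file names, profile names and secrets are placeholders).
GOOD = {"ca-profile": "ca-example", "key-to-certify": "node1.key",
        "password": "PLACEHOLDER", "reference": "1",
        "subject-dn": "C=US, O=Example, CN=node1",
        "domain-name": "node1.example.net", "ip-address": "192.0.2.10"}
BAD = {"ca-profile": "ca-example", "certificate": "prot.crt",
       "password": "PLACEHOLDER", "reference": "1",
       "subject-dn": "CN=node1, L=Ottawa", "ip-address": "fe80::1%eth0"}

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, preflight(sample) or "ok")
```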
key-update
Synopsis | Request new certificate to update existing certificate | |
Context | admin system security pki cmpv2 key-update | |
Tree | key-update | |
Description | When specified, the system requests a new certificate from the CA to update an existing certificate due to reasons such as a key refresh or to replace a compromised key. The CA may not return the certificate immediately, for example, if the request process requires manual intervention. In these cases, the poll command can be used to poll the status of the request. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 key-update ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile named-item | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 key-update hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
new-key pki-file-name
old-certificate pki-file-name
Synopsis | Name of the old certificate file to be replaced | |
Context | admin system security pki cmpv2 key-update old-certificate pki-file-name | |
Tree | old-certificate | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
old-key pki-file-name
save-as cflash-url
poll
Synopsis | Poll the CMPv2 server for pending request status | |
Context | admin system security pki cmpv2 poll | |
Tree | poll | |
Description | When specified, the system polls the status of the pending CMPv2 request toward the specified CA. If the response is ready, the system resumes the CMPv2 protocol exchange with the server. SR OS allows only one pending CMP request per CA; therefore, no new request is allowed when a pending request is present. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 poll ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile named-item | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
convert-file
Synopsis | Convert imported file between secure and legacy format | |
Context | admin system security pki convert-file | |
Tree | convert-file | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force
format keyword
[input-file] pki-file-name
Synopsis | Name of the file to be converted | |
Context | admin system security pki convert-file [input-file] pki-file-name | |
Tree | [input-file] | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[output-file] pki-file-name
Synopsis | Output filename | |
Context | admin system security pki convert-file [output-file] pki-file-name | |
Tree | [output-file] | |
Description | This command specifies the output filename. If the filename already exists, the system prompts the user to proceed or aborts if the force command is unconfigured. | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
crl-update
Synopsis | Trigger the CRL update for the CA profile | |
Context | admin system security pki crl-update | |
Tree | crl-update | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki crl-update ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration, such as the server URL. | |
Reference | state system security pki ca-profile named-item | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
est
ca-certificates
Synopsis | Download CA certificates from the EST server | |
Context | admin system security pki est ca-certificates | |
Tree | ca-certificates | |
Description | This command downloads a Certificate Authority (CA) certificate from an EST server specified by the profile name. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est ca-certificates est-profile string | |
Tree | est-profile | |
String length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force
output-url cflash-url
Synopsis | Path to the result file | |
Context | admin system security pki est ca-certificates output-url cflash-url | |
Tree | output-url | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
enroll
Synopsis | Enroll a new certificate with CA with the EST protocol | |
Context | admin system security pki est enroll | |
Tree | enroll | |
Description | When specified, the system enrolls a new certificate with the Certificate Authority (CA) using the EST protocol, as specified by the est-profile command, with an imported private key specified by the key command. The est-profile command specifies the authentication between the system and the EST server. The hash-alg, subject-dn, domain-name, and ip-address commands are used to generate the Certificate Signing Request (CSR) in the EST request message. The domain-name and ip-address commands are used as subject alternative names. If validate-certificate-chain is specified, the system validates the chain of the result certificate before importing it. The certificate chain is the chain of all certificates from the result certificate to the issuing CA. The result certificate is the new certificate returned by the EST server. The result certificate is imported and saved with the filename specified by the output-file command. If the force command is specified, the system overwrites the existing file with the same name as the output file. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki est enroll domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String length | 1 to 512 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est enroll est-profile string | |
Tree | est-profile | |
String length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki est enroll hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki est enroll ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
key cflash-url
output-file pki-file-name
Synopsis | Name of the result file | |
Context | admin system security pki est enroll output-file pki-file-name | |
Tree | output-file | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki est enroll subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The value is a comma-separated list of the form attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String length | 1 to 256 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
validate-certificate-chain
Synopsis | Validate result certificate chain before importing | |
Context | admin system security pki est enroll validate-certificate-chain | |
Tree | validate-certificate-chain | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
renew
Synopsis | Renew a CA certificate using the EST protocol | |
Context | admin system security pki est renew | |
Tree | renew | |
Description | When specified, the system renews an imported certificate (specified by the certificate command) with a Certificate Authority (CA) using the EST protocol specified by the est-profile parameter, with an imported private key specified by the key command. The key can be either the key of the certificate to be renewed or a new key. The authentication between the system and the EST server is specified by the est-profile parameter. The system uses the hash-alg command to generate the CSR in the EST request message. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
certificate cflash-url
Synopsis | Name of the imported certificate file to renew | |
Context | admin system security pki est renew certificate cflash-url | |
Tree | certificate | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est renew est-profile string | |
Tree | est-profile | |
String length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
force
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki est renew hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
key cflash-url
output-file pki-file-name
Synopsis | Name of the result file | |
Context | admin system security pki est renew output-file pki-file-name | |
Tree | output-file | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
validate-certificate-chain
Synopsis | Validate result certificate chain before importing | |
Context | admin system security pki est renew validate-certificate-chain | |
Tree | validate-certificate-chain | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
export
format keyword
input-file pki-file-name
Synopsis | Name of the file to be exported | |
Context | admin system security pki export input-file pki-file-name | |
Tree | input-file | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
key-file pki-file-name
Synopsis | Name of the key file to be exported | |
Context | admin system security pki export key-file pki-file-name | |
Tree | key-file | |
Description | This command specifies the name of the key file to be exported when the output format may contain the certificate and the key. | |
String length | 1 to 95 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
output-url cflash-url
Synopsis | Full path to export the result file | |
Context | admin system security pki export output-url cflash-url | |
Tree | output-url | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password string
type keyword
generate-csr
Synopsis | Generate a PKCS#10 certificate signing request file | |
Context | admin system security pki generate-csr | |
Tree | generate-csr | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki generate-csr domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String length | 1 to 512 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki generate-csr hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki generate-csr ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
key-url cflash-url
output-url cflash-url
Synopsis | Full path to result certificate signing request file | |
Context | admin system security pki generate-csr output-url cflash-url | |
Tree | output-url | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki generate-csr subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The value is a comma-separated list of the form attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String length | 1 to 256 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
use-printable
Synopsis | Force ASCII encoding for input subject DN attributes | |
Context | admin system security pki generate-csr use-printable | |
Tree | use-printable | |
Description | When specified, the system forces the use of ASCII encoding for the input subject DN attributes. Otherwise, the system uses UTF-8 encoding. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
generate-keypair
Synopsis | Generate PKI key pair | |
Context | admin system security pki generate-keypair | |
Tree | generate-keypair | |
Description | When specified, the system generates an RSA, DSA, or ECDSA private/public key pair file. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
dsa-key-size number
Synopsis | Length of the DSA key to be generated | |
Context | admin system security pki generate-keypair dsa-key-size number | |
Tree | dsa-key-size | |
Range | 512 to 8192 | |
Default | 2048 | |
Notes | The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ecdsa-curve keyword
Synopsis | Elliptic curve of the ECDSA key to be generated | |
Context | admin system security pki generate-keypair ecdsa-curve keyword | |
Tree | ecdsa-curve | |
Options | ||
Default | secp256r1 | |
Notes | The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
rsa-key-size number
Synopsis | Length of the RSA key to be generated | |
Context | admin system security pki generate-keypair rsa-key-size number | |
Tree | rsa-key-size | |
Range | 512 to 8192 | |
Default | 2048 | |
Notes | The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[save-path] cflash-url
Synopsis | Full path to save the result key file | |
Context | admin system security pki generate-keypair [save-path] cflash-url | |
Tree | [save-path] | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
import
Synopsis | Import a certificate related file | |
Context | admin system security pki import | |
Tree | import | |
Description | When specified, the system imports an input file (key/certificate/CRL) to be used by SROS applications. The following summarizes the supported formats:
| |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
format keyword
input-url cflash-url
output-file pki-file-name
Synopsis | Name of the result file | |
Context | admin system security pki import output-file pki-file-name | |
Tree | output-file | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
password string
type keyword
validate-certificate-chain
Synopsis | Validate the certificate chain | |
Context | admin system security pki import validate-certificate-chain | |
Tree | validate-certificate-chain | |
Description | When specified, the system validates the result certificate chain before it is imported. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
reload
Synopsis | Reload key or certificate files | |
Context | admin system security pki reload | |
Tree | reload | |
Description | When specified, the system reloads the key or certificate files for the specified application. This command can be used to ensure that a changed imported file takes effect. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
application keyword
Synopsis | Application to be reloaded | |
Context | admin system security pki reload application keyword | |
Tree | application | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
certificate pki-file-name
Synopsis | Name of the certificate file to reload | |
Context | admin system security pki reload certificate pki-file-name | |
Tree | certificate | |
String length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
key pki-file-name
show
file-content
Synopsis | Display content of certificate related files | |
Context | admin system security pki show file-content | |
Tree | file-content | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[file-path] cflash-url
Synopsis | Full path to the file to display | |
Context | admin system security pki show file-content [file-path] cflash-url | |
Tree | [file-path] | |
String length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
format keyword
password string
type keyword
update-certificate
Synopsis | Update End Entity certificate | |
Context | admin system security pki update-certificate | |
Tree | update-certificate | |
Description | When specified, the system triggers an update for the specified certificate according to the corresponding configure system security pki certificate-auto-update configuration. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
certificate reference
Synopsis | Name of the certificate file to be updated | |
Context | admin system security pki update-certificate certificate reference | |
Tree | certificate | |
Reference | state system security pki certificate-auto-update pki-file-name | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
secure-boot
Synopsis | Enter the secure-boot context | |
Context | admin system security secure-boot | |
Tree | secure-boot | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
activate
Synopsis | Activate secure boot on a CPM | |
Context | admin system security secure-boot activate | |
Tree | activate | |
Description | This command activates Secure Boot to enforce digital signature verification of the software on every boot. Once Secure Boot is activated on a CPM, the capability is permanently enabled and cannot be disabled. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
card reference
confirmation-code string-not-all-spaces
Synopsis | Confirmation code | |
Context | admin system security secure-boot activate confirmation-code string-not-all-spaces | |
Tree | confirmation-code | |
String length | 1 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
serial-number string-not-all-spaces
Synopsis | CPM card serial number which secure-boot activates | |
Context | admin system security secure-boot activate serial-number string-not-all-spaces | |
Tree | serial-number | |
String length | 1 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
revoke-key
Synopsis | Revoke secure boot keys | |
Context | admin system security secure-boot revoke-key | |
Tree | revoke-key | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
card reference
Synopsis | CPM slot where secure boot is activated or modified | |
Context | admin system security secure-boot revoke-key card reference | |
Tree | card | |
Reference | state cpm cpm-card-slot | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
confirmation-code string-not-all-spaces
Synopsis | Confirmation code | |
Context | admin system security secure-boot revoke-key confirmation-code string-not-all-spaces | |
Tree | confirmation-code | |
String length | 1 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
serial-number string-not-all-spaces
Synopsis | CPM card serial number which secure-boot activates | |
Context | admin system security secure-boot revoke-key serial-number string-not-all-spaces | |
Tree | serial-number | |
String length | 1 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
update-key
Synopsis | Update secure boot keys | |
Context | admin system security secure-boot update-key | |
Tree | update-key | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
card reference
Synopsis | CPM slot where secure boot is activated or modified | |
Context | admin system security secure-boot update-key card reference | |
Tree | card | |
Reference | state cpm cpm-card-slot | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
confirmation-code string-not-all-spaces
Synopsis | Confirmation code | |
Context | admin system security secure-boot update-key confirmation-code string-not-all-spaces | |
Tree | confirmation-code | |
String length | 1 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
serial-number string-not-all-spaces
Synopsis | CPM card serial number which secure-boot activates | |
Context | admin system security secure-boot update-key serial-number string-not-all-spaces | |
Tree | serial-number | |
String length | 1 to 32 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
software-image cflash-and-url
Synopsis | Location of the target software image | |
Context | admin system security secure-boot update-key software-image cflash-and-url | |
Tree | software-image | |
String length | 1 to 180 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
validate
software-image cflash-and-url
Synopsis | Location of the target software image | |
Context | admin system security secure-boot validate software-image cflash-and-url | |
Tree | software-image | |
String length | 1 to 180 | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
system-password
Synopsis | Change a local system password | |
Context | admin system security system-password | |
Tree | system-password | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
admin-password
Synopsis | Administrative password | |
Context | admin system security system-password admin-password | |
Tree | admin-password | |
Notes | This element is mandatory. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
telemetry
grpc
cancel
all
subscription-id number
Synopsis | ID of the telemetry subscription to cancel | |
Context | admin system telemetry grpc cancel subscription-id number | |
Tree | subscription-id | |
Max. range | 0 to 4294967295 | |
Notes | The following elements are part of a mandatory choice: all or subscription-id. | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
tech-support
Synopsis | Save technical support information to a file | |
Context | admin tech-support | |
Tree | tech-support | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[url] url
Synopsis | URL to save technical support information | |
Context | admin tech-support [url] url | |
Tree | [url] | |
String length | 1 to 180 | |
Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |