admin commands
The admin commands are used to perform administrative functions, such as displaying configuration that is not subject to AAA, manually saving the configuration, clearing user sessions, and rebooting the system.
admin
— application-assurance
— group reference
— url-list reference
— upgrade
— upgrade
— clear
— security
— lockout
— all
— user string
— password-history
— all
— user string
— disconnect
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— op-table-bypass boolean
— session-id number
— session-type keyword
— username string
— nat
— save-deterministic-script
— reboot
— [card] keyword
— hold
— now
— redundancy
— force-switchover
— ignore-status
— now
— synchronize
— boot-environment
— certificate
— configuration
— satellite
— ethernet-satellite reference
— reboot
— now
— upgrade
— synchronize
— tech-support
— [url] string
— save
— bof
— configure
— debug
— li
— [url] string
— set
— time
— [system-time] string
— show
— configuration
— bof
— booted
— cflash-id string
— [cli-path] string
— configure
— debug
— detail
— flat
— full-context
— intended
— json
— li
— running
— units
— xml
— support-mode
— system
— license
— activate
— [file-url] string
— now
— validate
— [file-url] string
— management-interface
— operations
— delete-operation
— [delete-id] number
— op-table-bypass boolean
— stop-operation
— op-table-bypass boolean
— [stop-id] number
— security
— hash-control
— custom-hash
— algorithm keyword
— key string
— remove-custom-hash
— pki
— clear-ocsp-cache
— [entry-id] number
— cmpv2
— cert-request
— ca-profile reference
— current-certificate string
— current-key string
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— new-key string
— save-as string
— subject-dn string
— clear-request
— ca-profile reference
— initial-registration
— ca-profile reference
— certificate string
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key-to-certify string
— password string
— protection-key string
— reference string
— save-as string
— send-chain
— subject-dn string
— with-ca reference
— key-update
— ca-profile reference
— hash-algorithm keyword
— new-key string
— old-certificate string
— old-key string
— save-as string
— poll
— ca-profile reference
— convert-file
— force
— format keyword
— [input-file] string
— [output-file] string
— crl-update
— ca-profile reference
— est
— ca-certificates
— est-profile string
— force
— output-url string
— enroll
— domain-name string
— est-profile string
— force
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key string
— output-file string
— subject-dn string
— validate-certificate-chain
— renew
— certificate string
— est-profile string
— force
— hash-algorithm keyword
— key string
— output-file string
— validate-certificate-chain
— export
— format keyword
— input-file string
— key-file string
— output-url string
— password string
— type keyword
— generate-csr
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key-url string
— output-url string
— subject-dn string
— use-printable
— generate-keypair
— dsa-key-size number
— ecdsa-curve keyword
— rsa-key-size number
— [save-path] string
— import
— format keyword
— input-url string
— output-file string
— password string
— type keyword
— validate-certificate-chain
— reload
— application keyword
— certificate string
— key string
— show
— file-content
— [file-path] string
— format keyword
— password string
— type keyword
— update-certificate
— certificate reference
— system-password
— admin-password
— telemetry
— grpc
— cancel
— all
— subscription-id number
— tech-support
— [url] string
admin command descriptions
admin
application-assurance
Synopsis | Enter the application-assurance context | |
Context | admin application-assurance | |
Tree | application-assurance | |
Description | Commands in this context configure Application Assurance (AA) upgrade and AA group upgrade operations. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
group [aa-group-id] reference
Synopsis | Enter the group list instance | |
Context | admin application-assurance group reference | |
Tree | group | |
Description | Commands in this context configure the attributes of the group-specific upgrade. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
[aa-group-id] reference
Synopsis | AA group ID | |
Context | admin application-assurance group reference | |
Tree | group | |
Reference | state application-assurance group number | |
Notes | This element is part of a list key. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
url-list [url-list-name] reference
Synopsis | Enter the url-list list instance | |
Context | admin application-assurance group reference url-list reference | |
Tree | url-list | |
Description | Commands in this context configure the URL list upgrade parameters. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
[url-list-name] reference
Synopsis | AA URL list name | |
Context | admin application-assurance group reference url-list reference | |
Tree | url-list | |
Reference | state application-assurance group number url-list string | |
Notes | This element is part of a list key. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
upgrade
upgrade
Synopsis | Upgrade to a new isa-aa.tim file | |
Context | admin application-assurance upgrade | |
Tree | upgrade | |
Description | This command loads a new isa-aa.tim file as part of a router-independent signature upgrade. An AA ISA reboot is required for the upgrade to take effect. | |
Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
clear
security
lockout
all
user string
password-history
Synopsis | Clear the password history | |
Context | admin clear security password-history | |
Tree | password-history | |
Introduced | 19.10.R1 | |
Platforms | All |
all
user string
disconnect
Synopsis | Disconnect a user session | |
Context | admin disconnect | |
Tree | disconnect | |
Introduced | 16.0.R1 | |
Platforms | All |
address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address of the session to disconnect | |
Context | admin disconnect address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | address | |
Introduced | 19.10.R1 | |
Platforms | All |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin disconnect op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 21.5.R1 | |
Platforms | All |
session-id number
Synopsis | ID of the session to disconnect | |
Context | admin disconnect session-id number | |
Tree | session-id | |
Range | 1 to 4294967295 | |
Introduced | 16.0.R1 | |
Platforms | All |
session-type keyword
Synopsis | Type of session to disconnect | |
Context | admin disconnect session-type keyword | |
Tree | session-type | |
Options | ||
Introduced | 19.10.R1 | |
Platforms |
All |
username string
Synopsis | Username to disconnect | |
Context | admin disconnect username string | |
Tree | username | |
String Length | 1 to 32 | |
Introduced | 19.10.R1 | |
Platforms | All |
nat
save-deterministic-script
Synopsis | Save script that computes deterministic NAT map entries | |
Context | admin nat save-deterministic-script | |
Tree | save-deterministic-script | |
Introduced | 21.2.R1 | |
Platforms | All |
reboot
[card] keyword
hold
now
redundancy
Synopsis | Enter the redundancy context | |
Context | admin redundancy | |
Tree | redundancy | |
Introduced | 16.0.R1 | |
Platforms | All |
force-switchover
Synopsis | Force a switchover to the standby CPM | |
Context | admin redundancy force-switchover | |
Tree | force-switchover | |
Introduced | 16.0.R1 | |
Platforms | All |
ignore-status
Synopsis | Switch to the standby CPM regardless of its status | |
Context | admin redundancy force-switchover ignore-status | |
Tree | ignore-status | |
Introduced | 19.10.R1 | |
Platforms | 7950 XRS |
now
Synopsis | Force the switchover to the standby CPM immediately | |
Context | admin redundancy force-switchover now | |
Tree | now | |
Introduced | 16.0.R1 | |
Platforms | All |
synchronize
Synopsis | Synchronize the standby CPM | |
Context | admin redundancy synchronize | |
Tree | synchronize | |
Introduced | 20.10.R1 | |
Platforms | All |
boot-environment
Synopsis | Synchronize all files required for the boot process | |
Context | admin redundancy synchronize boot-environment | |
Tree | boot-environment | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 20.10.R1 | |
Platforms | All |
certificate
Synopsis | Synchronize imported certificate, key, and CRL files | |
Context | admin redundancy synchronize certificate | |
Tree | certificate | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 23.3.R1 | |
Platforms | All |
configuration
Synopsis | Synchronize the configuration files | |
Context | admin redundancy synchronize configuration | |
Tree | configuration | |
Description | When specified, the system synchronizes the primary, secondary, and tertiary configuration files. | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
Introduced | 20.10.R1 | |
Platforms | All |
satellite
ethernet-satellite [satellite-id] reference
Synopsis | Enter the ethernet-satellite list instance | |
Context | admin satellite ethernet-satellite reference | |
Tree | ethernet-satellite | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[satellite-id] reference
Synopsis | Satellite ID | |
Context | admin satellite ethernet-satellite reference | |
Tree | ethernet-satellite | |
Reference | state satellite ethernet-satellite number | |
Notes | This element is part of a list key. | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
reboot
Synopsis | Initiate an administrative reboot of the chassis | |
Context | admin satellite ethernet-satellite reference reboot | |
Tree | reboot | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
now
upgrade
synchronize
Synopsis | Synchronize the chassis to the boot image | |
Context | admin satellite ethernet-satellite reference synchronize | |
Tree | synchronize | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tech-support
Synopsis | Save satellite technical support information | |
Context | admin satellite ethernet-satellite reference tech-support | |
Tree | tech-support | |
Description | This command creates a system core dump. If no file URL is specified and the ts-location command is configured in the configure system security tech-support context, the technical support file is automatically generated by the system with the file name based on the system name and the date and time, and is saved to the directory indicated by the ts-location configuration. The format of the auto-generated file name is ts-XXXXX.YYYYMMDD.HHMMUTC.dat, where:
Note: This command is not supported over non-interactive interfaces (for example, NETCONF). Note: This command should only be used with authorized direction from the Nokia Technical Assistance Center (TAC). | |
Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[url] string
Synopsis | URL to save technical support information | |
Context | admin satellite ethernet-satellite reference tech-support [url] string | |
Tree | [url] | |
String Length | 1 to 180 | |
Notes | This element is mandatory. | |
Introduced | 22.2.R1 | |
Platforms | All |
save
bof
configure
debug
li
[url] string
set
time
[system-time] string
Synopsis | System date and time | |
Context | admin set time [system-time] string | |
Tree | [system-time] | |
Description | This command sets the system date and time. The time zone may optionally be specified. When the time zone is not specified, the system uses the configured system time zone. | |
Notes | This element is mandatory. | |
Introduced | 19.10.R1 | |
Platforms | All |
show
configuration
Synopsis | Show the current configuration | |
Context | admin show configuration | |
Tree | configuration | |
Introduced | 16.0.R1 | |
Platforms | All |
bof
Synopsis | Show the BOF region configuration | |
Context | admin show configuration bof | |
Tree | bof | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 20.10.R1 | |
Platforms | All |
booted
Synopsis | Show the booted BOF configuration | |
Context | admin show configuration booted | |
Tree | booted | |
Notes | The following elements are part of a choice: booted or cflash-id. | |
Introduced | 20.10.R1 | |
Platforms | All |
cflash-id string
Synopsis | Show the BOF configuration file on a compact flash | |
Context | admin show configuration cflash-id string | |
Tree | cflash-id | |
String Length | 4 to 6 | |
Notes | The following elements are part of a choice: booted or cflash-id. | |
Introduced | 20.10.R1 | |
Platforms | All |
[cli-path] string
Synopsis | Absolute path or relative path from '/' | |
Context | admin show configuration [cli-path] string | |
Tree | [cli-path] | |
Introduced | 21.10.R1 | |
Platforms | All |
configure
Synopsis | Show the configure region configuration | |
Context | admin show configuration configure | |
Tree | configure | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 20.7.R1 | |
Platforms | All |
debug
Synopsis | Show the debug region configuration | |
Context | admin show configuration debug | |
Tree | debug | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 21.5.R1 | |
Platforms | All |
detail
Synopsis | Include default and unconfigured values | |
Context | admin show configuration detail | |
Tree | detail | |
Introduced | 20.7.R1 | |
Platforms | All |
flat
Synopsis | Show the context from the pwc on each line | |
Context | admin show configuration flat | |
Tree | flat | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 20.7.R1 | |
Platforms | All |
full-context
Synopsis | Show the full context on each line | |
Context | admin show configuration full-context | |
Tree | full-context | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 20.7.R1 | |
Platforms | All |
intended
Synopsis | Show the intended configuration | |
Context | admin show configuration intended | |
Tree | intended | |
Notes | The following elements are part of a choice: intended or running. | |
Introduced | 20.7.R1 | |
Platforms | All |
json
Synopsis | Show the output in indented JSON format | |
Context | admin show configuration json | |
Tree | json | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 19.10.R1 | |
Platforms | All |
li
Synopsis | Show the LI region configuration | |
Context | admin show configuration li | |
Tree | li | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
Introduced | 19.10.R1 | |
Platforms | All |
running
Synopsis | Show the running configuration | |
Context | admin show configuration running | |
Tree | running | |
Notes | The following elements are part of a choice: intended or running. | |
Introduced | 20.7.R1 | |
Platforms | All |
units
Synopsis | Include unit types for applicable elements | |
Context | admin show configuration units | |
Tree | units | |
Introduced | 20.10.R1 | |
Platforms | All |
xml
Synopsis | Show the output in indented XML format | |
Context | admin show configuration xml | |
Tree | xml | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
Introduced | 20.7.R1 | |
Platforms | All |
support-mode
Synopsis | Enable the shell and kernel commands | |
Context | admin support-mode | |
Tree | support-mode | |
Introduced | 16.0.R4 | |
Platforms | All |
system
license
activate
[file-url] string
Synopsis | Location of the license file to activate | |
Context | admin system license activate [file-url] string | |
Tree | [file-url] | |
String Length | 1 to 256 | |
Introduced | 19.10.R1 | |
Platforms | All |
now
validate
[file-url] string
Synopsis | Location of the license file to validate | |
Context | admin system license validate [file-url] string | |
Tree | [file-url] | |
String Length | 1 to 256 | |
Introduced | 19.10.R1 | |
Platforms | All |
management-interface
Synopsis | Enter the management-interface context | |
Context | admin system management-interface | |
Tree | management-interface | |
Introduced | 21.5.R1 | |
Platforms | All |
operations
Synopsis | Enter the operations context | |
Context | admin system management-interface operations | |
Tree | operations | |
Description | Commands in this context are used to manage YANG-based operations (for example, admin reboot, or ping) in model-driven interfaces. | |
Introduced | 21.5.R1 | |
Platforms | All |
delete-operation
Synopsis | Stop and remove an operation | |
Context | admin system management-interface operations delete-operation | |
Tree | delete-operation | |
Description | This command removes an operation and all status and data associated with it. If the operation was executing, it is stopped before removal. | |
Introduced | 21.5.R1 | |
Platforms | All |
[delete-id] number
Synopsis | ID of the operation to remove | |
Context | admin system management-interface operations delete-operation [delete-id] number | |
Tree | [delete-id] | |
Range | 1 to 10000 | |
Notes | This element is mandatory. | |
Introduced | 21.5.R1 | |
Platforms | All |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin system management-interface operations delete-operation op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 21.5.R1 | |
Platforms | All |
stop-operation
Synopsis | Stop the execution of an operational command | |
Context | admin system management-interface operations stop-operation | |
Tree | stop-operation | |
Description | This command stops the execution of an operational command. An operation launched as "asynchronous" is not deleted from the system when it is stopped. Status and other data associated with the operation persist until the operation is explicitly deleted using the delete operation command or a retention timeout. | |
Introduced | 21.5.R1 | |
Platforms | All |
op-table-bypass boolean
Synopsis | Avoid operation ID allocation | |
Context | admin system management-interface operations stop-operation op-table-bypass boolean | |
Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
Introduced | 21.5.R1 | |
Platforms | All |
[stop-id] number
Synopsis | ID of the operation to stop | |
Context | admin system management-interface operations stop-operation [stop-id] number | |
Tree | [stop-id] | |
Range | 1 to 10000 | |
Notes | This element is mandatory. | |
Introduced | 21.5.R1 | |
Platforms | All |
security
hash-control
Synopsis | Enter the hash-control context | |
Context | admin system security hash-control | |
Tree | hash-control | |
Introduced | 16.0.R6 | |
Platforms | All |
custom-hash
Synopsis | Custom encryption | |
Context | admin system security hash-control custom-hash | |
Tree | custom-hash | |
Introduced | 16.0.R6 | |
Platforms | All |
algorithm keyword
Synopsis | Algorithm for custom encryption | |
Context | admin system security hash-control custom-hash algorithm keyword | |
Tree | algorithm | |
Description | This command configures the algorithm for custom encryption. The encryption uses ECB mode, PKCS#7 padding, and Base64 encoding. | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 16.0.R6 | |
Platforms | All |
key string
Synopsis | Key for encryption algorithm | |
Context | admin system security hash-control custom-hash key string | |
Tree | key | |
String Length | 1 to 71 | |
Notes | This element is mandatory. | |
Introduced | 16.0.R6 | |
Platforms | All |
remove-custom-hash
Synopsis | Remove the custom encryption | |
Context | admin system security hash-control remove-custom-hash | |
Tree | remove-custom-hash | |
Introduced | 20.10.R1 | |
Platforms | All |
pki
clear-ocsp-cache
Synopsis | Clear the current OCSP response cache | |
Context | admin system security pki clear-ocsp-cache | |
Tree | clear-ocsp-cache | |
Introduced | 23.3.R1 | |
Platforms | All |
[entry-id] number
Synopsis | Local OCSP response cache entry ID to clear | |
Context | admin system security pki clear-ocsp-cache [entry-id] number | |
Tree | [entry-id] | |
Range | 1 to 2000 | |
Introduced | 23.3.R1 | |
Platforms | All |
cmpv2
cert-request
Synopsis | Request an additional certificate | |
Context | admin system security pki cmpv2 cert-request | |
Tree | cert-request | |
Description | When specified, the system requests an additional certificate after the initial certificate has been obtained from the CA. The request is authenticated by a signature signed by the current key, along with the current certificate. The hash algorithm used for the signature depends on the key type:
CA may not return a certificate immediately, for example, if the request process requires manual intervention. The poll command can be used to poll the status of the request. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 cert-request ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
current-certificate string
Synopsis | Existing imported certificate file to create request | |
Context | admin system security pki cmpv2 cert-request current-certificate string | |
Tree | current-certificate | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
current-key string
Synopsis | Imported key file used to create the request | |
Context | admin system security pki cmpv2 cert-request current-key string | |
Tree | current-key | |
Description | This command specifies the imported key file corresponding to the existing imported certificate file used to create the request. | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki cmpv2 cert-request domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String Length | 1 to 512 | |
Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 cert-request hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms |
All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki cmpv2 cert-request ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 23.3.R1 | |
Platforms | All |
new-key string
save-as string
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki cmpv2 cert-request subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma separated list with the format attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String Length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
clear-request
Synopsis | Clear pending CMPv2 requests | |
Context | admin system security pki cmpv2 clear-request | |
Tree | clear-request | |
Description | When specified, the system clears pending CMPv2 requests for the specified CA. If no requests are pending, the system clears the saved result of the previous request | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 clear-request ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
initial-registration
Synopsis | Request initial certificate using the CMPv2 protocol | |
Context | admin system security pki cmpv2 initial-registration | |
Tree | initial-registration | |
Description | When specified, the system requests the initial certificate from the CA using the CMPv2 initial registration procedure. The ca-profile parameter specifies a CA profile which includes CMP server information. The key-to-certify parameter is an imported key file to be certified by the CA. The request is authenticated via one of the following methods:
The subject-dn command specifies the subject of the requesting certificate. The save-as command specifies the full path name for saving the result certificate. The CA may not return the certificate immediately, for example, if the request process requires manual intervention. In such cases, the poll command can be used to poll the status of the request. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 initial-registration ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
certificate string
Synopsis | Filename of the certificate for the protection key | |
Context | admin system security pki cmpv2 initial-registration certificate string | |
Tree | certificate | |
String Length | 1 to 95 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki cmpv2 initial-registration domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String Length | 1 to 512 | |
Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 initial-registration hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki cmpv2 initial-registration ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 23.3.R1 | |
Platforms | All |
key-to-certify string
Synopsis | Name of the key file used to create initial request | |
Context | admin system security pki cmpv2 initial-registration key-to-certify string | |
Tree | key-to-certify | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
password string
Synopsis | Password for message protection | |
Context | admin system security pki cmpv2 initial-registration password string | |
Tree | password | |
String Length | 1 to 64 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
protection-key string
Synopsis | Key file used to generate message protection signature | |
Context | admin system security pki cmpv2 initial-registration protection-key string | |
Tree | protection-key | |
String Length | 1 to 95 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
reference string
Synopsis | Password reference number | |
Context | admin system security pki cmpv2 initial-registration reference string | |
Tree | reference | |
String Length | 1 to 64 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
save-as string
send-chain
Synopsis | Send a certificate chain | |
Context | admin system security pki cmpv2 initial-registration send-chain | |
Tree | send-chain | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki cmpv2 initial-registration subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma separated list with the format attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String Length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
with-ca reference
Synopsis | Name of CA profile with certificate in the send chain | |
Context | admin system security pki cmpv2 initial-registration with-ca reference | |
Tree | with-ca | |
Reference | state system security pki ca-profile string | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
Introduced | 23.3.R1 | |
Platforms | All |
key-update
Synopsis | Request new certificate to update existing certificate | |
Context | admin system security pki cmpv2 key-update | |
Tree | key-update | |
Description | When specified, the system requests a new certificate from the CA to update an existing certificate due to reasons such as a key refresh or to replace a compromised key. The CA may not return the certificate immediately, for example, if the request process requires manual intervention. In these cases, the poll command can be used to poll the status of the request. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 key-update ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki cmpv2 key-update hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms |
All |
new-key string
old-certificate string
Synopsis | Name of the old certificate file to be replaced | |
Context | admin system security pki cmpv2 key-update old-certificate string | |
Tree | old-certificate | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
old-key string
save-as string
poll
Synopsis | Poll the CMPv2 server for pending request status | |
Context | admin system security pki cmpv2 poll | |
Tree | poll | |
Description | When specified, the system polls the status of the pending CMPv2 request toward the specified CA. If the response is ready, the system resumes the CMPv2 protocol exchange with the server. SR OS allows only one pending CMP request per CA; therefore, no new request is allowed when a pending request is present. | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki cmpv2 poll ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference |
state system security pki ca-profile string | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
convert-file
Synopsis | Convert imported file between secure and legacy format | |
Context | admin system security pki convert-file | |
Tree | convert-file | |
Introduced | 23.3.R1 | |
Platforms | All |
force
format keyword
[input-file] string
Synopsis | Name of the file to be converted | |
Context | admin system security pki convert-file [input-file] string | |
Tree | [input-file] | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
[output-file] string
Synopsis | Output filename | |
Context | admin system security pki convert-file [output-file] string | |
Tree | [output-file] | |
Description | This command specifies the output filename. If the filename already exists, the system prompts the user to proceed or aborts if the force command is unconfigured. | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
crl-update
Synopsis | Trigger the CRL update for the CA profile | |
Context | admin system security pki crl-update | |
Tree | crl-update | |
Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
Synopsis | PKI CA profile name | |
Context | admin system security pki crl-update ca-profile reference | |
Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
est
ca-certificates
Synopsis | Download CA certificates from the EST server | |
Context | admin system security pki est ca-certificates | |
Tree | ca-certificates | |
Description | This command downloads a Certificate Authority (CA) certificate from an EST server specified by the profile name. | |
Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est ca-certificates est-profile string | |
Tree | est-profile | |
String Length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
force
output-url string
Synopsis | Path to the result file | |
Context | admin system security pki est ca-certificates output-url string | |
Tree | output-url | |
String Length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
enroll
Synopsis | Enroll a new certificate with CA with the EST protocol | |
Context | admin system security pki est enroll | |
Tree | enroll | |
Description | When specified, the system enrolls a new certificate with Certificate Authority (CA) by the EST protocol specified with the est-profile command with a imported private key specified by the key command. The est-profile commad specifies the authentication between the system and EST server. The hash-alg, subject-dn, domain-name, and ip-address commands are used to generate the Certificate Signing Request (CSR) in the EST request message. The domain-name and ip-address commands are used as subject alternative names. If validate-certificate-chain is specified, the system validates the chain of result certificate before importing it. The certificate chain is the chain of all certificates from the result certificate to the issuing CA. The result certificate is the new certificate returned by the EST server. The result certificate is imported and saved with the filename specified by the output-file command. If the force command is specified, the system overwrites the existing file with same name as the output file. | |
Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki est enroll domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String Length | 1 to 512 | |
Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est enroll est-profile string | |
Tree | est-profile | |
String Length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
force
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki est enroll hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms |
All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki est enroll ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 23.3.R1 | |
Platforms | All |
key string
output-file string
Synopsis | Name of the result file | |
Context | admin system security pki est enroll output-file string | |
Tree | output-file | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki est enroll subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma separated list with the format attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String Length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
validate-certificate-chain
Synopsis | Validate result certificate chain before importing | |
Context | admin system security pki est enroll validate-certificate-chain | |
Tree | validate-certificate-chain | |
Introduced | 23.3.R1 | |
Platforms | All |
renew
Synopsis | Renew a CA certificate using the EST protocol | |
Context | admin system security pki est renew | |
Tree | renew | |
Description | When specified, the system renews an imported certificate (specified by the certificate command) with a Certificate Authority (CA) using the EST protocol specified by the est-profile parameter, with an imported private key specified the key command. The key can be either the key of the certificate to be renewed or a new key. The authentication between system and EST server is specified by the est-profile parameter. The system uses the hash-alg command to generate the CSR in the EST request message. | |
Introduced | 23.3.R1 | |
Platforms | All |
certificate string
Synopsis | Name of the imported certificate file to renew | |
Context | admin system security pki est renew certificate string | |
Tree | certificate | |
String Length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
Synopsis | PKI EST profile name | |
Context | admin system security pki est renew est-profile string | |
Tree | est-profile | |
String Length | 1 to 32 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
force
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki est renew hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms |
All |
key string
output-file string
Synopsis | Name of the result file | |
Context | admin system security pki est renew output-file string | |
Tree | output-file | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
validate-certificate-chain
Synopsis | Validate result certificate chain before importing | |
Context | admin system security pki est renew validate-certificate-chain | |
Tree | validate-certificate-chain | |
Introduced | 23.3.R1 | |
Platforms | All |
export
format keyword
input-file string
Synopsis | Name of the file to be exported | |
Context | admin system security pki export input-file string | |
Tree | input-file | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
key-file string
Synopsis | Name of the key file to be exported | |
Context | admin system security pki export key-file string | |
Tree | key-file | |
Description | This command specifies the name of the key file to be exported when the output format may contain the certificate and the key. | |
String Length | 1 to 95 | |
Introduced | 23.3.R1 | |
Platforms | All |
output-url string
Synopsis | Full path to export the result file | |
Context | admin system security pki export output-url string | |
Tree | output-url | |
String Length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
password string
type keyword
generate-csr
Synopsis | Generate a PKCS#10 certificate signing request file | |
Context | admin system security pki generate-csr | |
Tree | generate-csr | |
Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
Synopsis | FQDNs for the Subject Alternative Name | |
Context | admin system security pki generate-csr domain-name string | |
Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
String Length | 1 to 512 | |
Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
Synopsis | Hash algorithm used for the certificate signature | |
Context | admin system security pki generate-csr hash-algorithm keyword | |
Tree | hash-algorithm | |
Options | ||
Introduced | 23.3.R1 | |
Platforms |
All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
Synopsis | IP address for the Subject Alternative Name | |
Context | admin system security pki generate-csr ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
Introduced | 23.3.R1 | |
Platforms | All |
key-url string
output-url string
Synopsis | Full path to result certificate signing request file | |
Context | admin system security pki generate-csr output-url string | |
Tree | output-url | |
String Length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
Synopsis | Subject of the requesting certificate | |
Context | admin system security pki generate-csr subject-dn string | |
Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma separated list with the format attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
String Length | 1 to 256 | |
Introduced | 23.3.R1 | |
Platforms | All |
use-printable
Synopsis | Force ASCII encoding for input subject DN attributes | |
Context | admin system security pki generate-csr use-printable | |
Tree | use-printable | |
Description | When specified, the system forces the use of ASCII encoding for the input subject DN attributes. Otherwise, the system uses UTF-8 encoding. | |
Introduced | 23.3.R1 | |
Platforms | All |
generate-keypair
Synopsis | Generate PKI key pair | |
Context | admin system security pki generate-keypair | |
Tree | generate-keypair | |
Description | When specified, the system generates an RSA, DSA, or ECDSA private/public key pair file | |
Introduced | 23.3.R1 | |
Platforms | All |
dsa-key-size number
Synopsis | Length of the DSA key to be generated | |
Context | admin system security pki generate-keypair dsa-key-size number | |
Tree | dsa-key-size | |
Range | 512 to 8192 | |
Default | 2048 | |
Notes |
The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 23.3.R1 | |
Platforms | All |
ecdsa-curve keyword
Synopsis | Elliptic curve of the ECDSA key to be generated | |
Context | admin system security pki generate-keypair ecdsa-curve keyword | |
Tree | ecdsa-curve | |
Default | secp256r1 | |
Options | ||
Notes | The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 23.3.R1 | |
Platforms | All |
rsa-key-size number
Synopsis | Length of the RSA key to be generated | |
Context | admin system security pki generate-keypair rsa-key-size number | |
Tree | rsa-key-size | |
Range | 512 to 8192 | |
Default | 2048 | |
Notes |
The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
Introduced | 23.3.R1 | |
Platforms | All |
[save-path] string
Synopsis | Full path to save the result key file | |
Context | admin system security pki generate-keypair [save-path] string | |
Tree | [save-path] | |
String Length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
import
Synopsis | Import a certificate related file | |
Context | admin system security pki import | |
Tree | import | |
Description | When specified, the system imports an input file (key/certificate/CRL) to be used by SROS applications. The following summarizes the supported formats:
| |
Introduced | 23.3.R1 | |
Platforms | All |
format keyword
input-url string
output-file string
Synopsis | Name of the result file | |
Context | admin system security pki import output-file string | |
Tree | output-file | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
password string
type keyword
validate-certificate-chain
Synopsis | Validate the certificate chain | |
Context | admin system security pki import validate-certificate-chain | |
Tree | validate-certificate-chain | |
Description | When specified, the system validates the result certificate chain before it is imported. | |
Introduced | 23.3.R1 | |
Platforms | All |
reload
Synopsis | Reload key or certificate files | |
Context | admin system security pki reload | |
Tree | reload | |
Description | When specified, the system reloads the key or certificate files for the specified application.This command can be used to ensure a changed imported file takes effect. | |
Introduced | 23.3.R1 | |
Platforms | All |
application keyword
Synopsis | Application to be reloaded | |
Context | admin system security pki reload application keyword | |
Tree | application | |
Options | ||
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
certificate string
Synopsis | Name of the certificate file to reload | |
Context | admin system security pki reload certificate string | |
Tree | certificate | |
String Length | 1 to 95 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
key string
show
file-content
Synopsis | Display content of certificate related files | |
Context | admin system security pki show file-content | |
Tree | file-content | |
Introduced | 23.3.R1 | |
Platforms | All |
[file-path] string
Synopsis | Full path to the file to display | |
Context | admin system security pki show file-content [file-path] string | |
Tree | [file-path] | |
String Length | 1 to 200 | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
format keyword
password string
type keyword
update-certificate
Synopsis | Update End Entity certificate | |
Context | admin system security pki update-certificate | |
Tree | update-certificate | |
Description | When specified, the system triggers an update for the specified certificate according to the corresponding configure system security pki certificate-auto-update configuration. | |
Introduced | 23.3.R1 | |
Platforms | All |
certificate reference
Synopsis | Name of the certificate file to be updated | |
Context | admin system security pki update-certificate certificate reference | |
Tree | certificate | |
Reference | state system security pki certificate-auto-update string | |
Notes | This element is mandatory. | |
Introduced | 23.3.R1 | |
Platforms | All |
system-password
Synopsis | Change a local system password | |
Context | admin system security system-password | |
Tree | system-password | |
Introduced | 22.10.R2 | |
Platforms | All |
admin-password
Synopsis | Administrative password | |
Context | admin system security system-password admin-password | |
Tree | admin-password | |
Notes | This element is mandatory. | |
Introduced | 22.10.R2 | |
Platforms | All |
telemetry
grpc
cancel
all
subscription-id number
Synopsis | ID of the telemetry subscription to cancel | |
Context | admin system telemetry grpc cancel subscription-id number | |
Tree | subscription-id | |
Max. Range | 0 to 4294967295 | |
Notes | The following elements are part of a mandatory choice: all or subscription-id. | |
Introduced | 19.10.R1 | |
Platforms | All |
tech-support
Synopsis | Save technical support information to a file | |
Context | admin tech-support | |
Tree | tech-support | |
Introduced | 20.10.R1 | |
Platforms | All |
[url] string
Synopsis | URL to save technical support information | |
Context | admin tech-support [url] string | |
Tree | [url] | |
String Length | 1 to 180 | |
Introduced | 20.10.R1 | |
Platforms | All |