admin commands
The admin commands are used to perform administrative functions, such as displaying configuration that is not subject to AAA, manually saving the configuration, clearing user sessions, and rebooting the system.
admin
— application-assurance
— group reference
— url-list reference
— upgrade
— upgrade
— clear
— security
— lockout
— all
— user string
— password-history
— all
— user string
— disconnect
— address (ipv4-address-no-zone | ipv6-address-no-zone)
— op-table-bypass boolean
— session-id number
— session-type keyword
— username string
— ipsec
— show
— key
— gateway string
— ip-tunnel string
— ipsec-tunnel string
— peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— peer-tunnel-port number
— type keyword
— nat
— save-deterministic-script
— reboot
— [card] keyword
— hold
— now
— redundancy
— force-switchover
— ignore-status
— now
— synchronize
— boot-environment
— certificate
— configuration
— satellite
— ethernet-satellite reference
— reboot
— now
— upgrade
— synchronize
— tech-support
— [url] string
— save
— bof
— configure
— debug
— li
— [url] string
— set
— time
— [system-time] string
— show
— configuration
— bof
— booted
— cflash-id string
— [cli-path] string
— configure
— converted
— debug
— depth number
— detail
— differences
— flat
— full-context
— inheritance
— intended
— json
— li
— model keyword
— running
— units
— values
— xml
— support-mode
— password
— kernel string
— shell string
— system
— license
— activate
— [file-url] string
— now
— clear
— now
— validate
— [file-url] string
— management-interface
— commit
— confirmed
— accept
— cancel
— operations
— delete-operation
— [delete-id] number
— op-table-bypass boolean
— stop-operation
— op-table-bypass boolean
— [stop-id] number
— security
— hash-control
— custom-hash
— algorithm keyword
— key string
— remove-custom-hash
— pki
— clear-ocsp-cache
— [entry-id] number
— cmpv2
— cert-request
— ca-profile reference
— current-certificate string
— current-key string
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— new-key string
— save-as string
— subject-dn string
— clear-request
— ca-profile reference
— initial-registration
— ca-profile reference
— certificate string
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key-to-certify string
— password string
— protection-key string
— reference string
— save-as string
— send-chain
— subject-dn string
— with-ca reference
— key-update
— ca-profile reference
— hash-algorithm keyword
— new-key string
— old-certificate string
— old-key string
— save-as string
— poll
— ca-profile reference
— convert-file
— force
— format keyword
— [input-file] string
— [output-file] string
— crl-update
— ca-profile reference
— est
— ca-certificates
— est-profile string
— force
— output-url string
— enroll
— domain-name string
— est-profile string
— force
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key string
— output-file string
— subject-dn string
— validate-certificate-chain
— renew
— certificate string
— est-profile string
— force
— hash-algorithm keyword
— key string
— output-file string
— validate-certificate-chain
— export
— format keyword
— input-file string
— key-file string
— output-url string
— password string
— type keyword
— generate-csr
— domain-name string
— hash-algorithm keyword
— ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
— key-url string
— output-url string
— subject-dn string
— use-printable
— generate-keypair
— dsa-key-size number
— ecdsa-curve keyword
— rsa-key-size number
— [save-path] string
— import
— format keyword
— input-url string
— output-file string
— password string
— type keyword
— validate-certificate-chain
— reload
— application keyword
— certificate string
— key string
— show
— file-content
— [file-path] string
— format keyword
— password string
— type keyword
— update-certificate
— certificate reference
— secure-boot
— activate
— card reference
— confirmation-code string
— serial-number string
— revoke-key
— card reference
— confirmation-code string
— serial-number string
— update-key
— card reference
— confirmation-code string
— serial-number string
— software-image string
— validate
— software-image string
— system-password
— admin-password
— telemetry
— grpc
— cancel
— all
— subscription-id number
— tech-support
— [url] string
admin command descriptions
admin
application-assurance
| Synopsis | Enter the application-assurance context | |
| Context | admin application-assurance | |
| Tree | application-assurance | |
Description | Commands in this context configure Application Assurance (AA) upgrade and AA group upgrade operations. | |
| Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
group [aa-group-id] reference
| Synopsis | Enter the group list instance | |
| Context | admin application-assurance group reference | |
| Tree | group | |
Description | Commands in this context configure the attributes of the group-specific upgrade. | |
| Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
[aa-group-id] reference
| Synopsis | AA group ID | |
| Context | admin application-assurance group reference | |
| Tree | group | |
Reference | state application-assurance group number | |
Notes | This element is part of a list key. | |
| Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
url-list [url-list-name] reference
| Synopsis | Enter the url-list list instance | |
| Context | admin application-assurance group reference url-list reference | |
| Tree | url-list | |
Description | Commands in this context configure the URL list upgrade parameters. | |
| Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
[url-list-name] reference
| Synopsis | AA URL list name | |
| Context | admin application-assurance group reference url-list reference | |
| Tree | url-list | |
Reference | state application-assurance group number url-list string | |
Notes | This element is part of a list key. | |
| Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
upgrade
upgrade
| Synopsis | Upgrade to a new isa-aa.tim file | |
| Context | admin application-assurance upgrade | |
| Tree | upgrade | |
Description | This command loads a new isa-aa.tim file as part of a router-independent signature upgrade. An AA ISA reboot is required for the upgrade to take effect. | |
| Introduced | 21.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
clear
security
lockout
all
user string
password-history
| Synopsis | Clear the password history | |
| Context | admin clear security password-history | |
| Tree | password-history | |
| Introduced | 19.10.R1 | |
Platforms | All |
all
user string
disconnect
| Synopsis | Disconnect a user session | |
| Context | admin disconnect | |
| Tree | disconnect | |
| Introduced | 16.0.R1 | |
Platforms | All |
address (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | IP address of the session to disconnect | |
| Context | admin disconnect address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | address | |
| Introduced | 19.10.R1 | |
Platforms | All |
op-table-bypass boolean
| Synopsis | Avoid operation ID allocation | |
| Context | admin disconnect op-table-bypass boolean | |
| Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
| Introduced | 21.5.R1 | |
Platforms | All |
session-id number
| Synopsis | ID of the session to disconnect | |
| Context | admin disconnect session-id number | |
| Tree | session-id | |
| Range | 1 to 4294967295 | |
| Introduced | 16.0.R1 | |
Platforms | All |
session-type keyword
| Synopsis | Type of session to disconnect | |
| Context | admin disconnect session-type keyword | |
| Tree | session-type | |
| Options | ||
| Introduced | 19.10.R1 | |
Platforms |
All |
username string
| Synopsis | Username to disconnect | |
| Context | admin disconnect username string | |
| Tree | username | |
| String Length | 1 to 32 | |
| Introduced | 19.10.R1 | |
Platforms | All |
ipsec
show
key
gateway string
| Synopsis | IPsec gateway name | |
| Context | admin ipsec show key gateway string | |
| Tree | gateway | |
| String Length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
| Introduced | 23.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
ip-tunnel string
| Synopsis | IPsec transport mode IP tunnel name | |
| Context | admin ipsec show key ip-tunnel string | |
| Tree | ip-tunnel | |
| String Length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
| Introduced | 23.10.R1 | |
Platforms | All |
ipsec-tunnel string
| Synopsis | IPsec tunnel name | |
| Context | admin ipsec show key ipsec-tunnel string | |
| Tree | ipsec-tunnel | |
| String Length | 1 to 32 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
| Introduced | 23.10.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR |
peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | Dynamic tunnel IP address | |
| Context | admin ipsec show key peer-tunnel-ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | peer-tunnel-ip-address | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
| Introduced | 23.10.R1 | |
Platforms | All |
peer-tunnel-port number
| Synopsis | Dynamic tunnel port | |
| Context | admin ipsec show key peer-tunnel-port number | |
| Tree | peer-tunnel-port | |
| Range | 0 | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: (gateway, peer-tunnel-ip-address, and peer-tunnel-port), ip-tunnel, or ipsec-tunnel. | |
| Introduced | 23.10.R1 | |
Platforms | All |
type keyword
nat
save-deterministic-script
| Synopsis | Save script that computes deterministic NAT map entries | |
| Context | admin nat save-deterministic-script | |
| Tree | save-deterministic-script | |
| Introduced | 21.2.R1 | |
Platforms | All |
reboot
[card] keyword
hold
now
redundancy
| Synopsis | Enter the redundancy context | |
| Context | admin redundancy | |
| Tree | redundancy | |
| Introduced | 16.0.R1 | |
Platforms | All |
force-switchover
| Synopsis | Force a switchover to the standby CPM | |
| Context | admin redundancy force-switchover | |
| Tree | force-switchover | |
| Introduced | 16.0.R1 | |
Platforms | All |
ignore-status
| Synopsis | Switch to the standby CPM regardless of its status | |
| Context | admin redundancy force-switchover ignore-status | |
| Tree | ignore-status | |
| Introduced | 19.10.R1 | |
Platforms | 7950 XRS |
now
| Synopsis | Force the switchover to the standby CPM immediately | |
| Context | admin redundancy force-switchover now | |
| Tree | now | |
| Introduced | 16.0.R1 | |
Platforms | All |
synchronize
| Synopsis | Synchronize the standby CPM | |
| Context | admin redundancy synchronize | |
| Tree | synchronize | |
| Introduced | 20.10.R1 | |
Platforms | All |
boot-environment
| Synopsis | Synchronize all files required for the boot process | |
| Context | admin redundancy synchronize boot-environment | |
| Tree | boot-environment | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
| Introduced | 20.10.R1 | |
Platforms | All |
certificate
| Synopsis | Synchronize imported certificate, key, and CRL files | |
| Context | admin redundancy synchronize certificate | |
| Tree | certificate | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
| Introduced | 23.3.R1 | |
Platforms | All |
configuration
| Synopsis | Synchronize the configuration files | |
| Context | admin redundancy synchronize configuration | |
| Tree | configuration | |
Description | When specified, the system synchronizes the primary, secondary, and tertiary configuration files. | |
Notes | The following elements are part of a mandatory choice: boot-environment, certificate, or configuration. | |
| Introduced | 20.10.R1 | |
Platforms | All |
satellite
ethernet-satellite [satellite-id] reference
| Synopsis | Enter the ethernet-satellite list instance | |
| Context | admin satellite ethernet-satellite reference | |
| Tree | ethernet-satellite | |
| Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[satellite-id] reference
| Synopsis | Satellite ID | |
| Context | admin satellite ethernet-satellite reference | |
| Tree | ethernet-satellite | |
Reference | state satellite ethernet-satellite number | |
Notes | This element is part of a list key. | |
| Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
reboot
| Synopsis | Initiate an administrative reboot of the chassis | |
| Context | admin satellite ethernet-satellite reference reboot | |
| Tree | reboot | |
| Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
now
upgrade
synchronize
| Synopsis | Synchronize the chassis to the boot image | |
| Context | admin satellite ethernet-satellite reference synchronize | |
| Tree | synchronize | |
| Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
tech-support
| Synopsis | Save satellite technical support information | |
| Context | admin satellite ethernet-satellite reference tech-support | |
| Tree | tech-support | |
Description | This command creates a system core dump. If no file URL is specified and the ts-location command is configured in the configure system security tech-support context, the technical support file is automatically generated by the system with the file name based on the system name and the date and time, and is saved to the directory indicated by the ts-location configuration. The format of the auto-generated file name is ts-XXXXX.YYYYMMDD.HHMMUTC.dat, where:
Note: This command is not supported over non-interactive interfaces (for example, NETCONF). Note: This command should only be used with authorized direction from the Nokia Technical Assistance Center (TAC). | |
| Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
[url] string
| Synopsis | URL to save technical support information | |
| Context | admin satellite ethernet-satellite reference tech-support [url] string | |
| Tree | [url] | |
| String Length | 1 to 180 | |
Notes | This element is mandatory. | |
| Introduced | 22.2.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
save
bof
configure
debug
li
[url] string
set
time
[system-time] string
| Synopsis | System date and time | |
| Context | admin set time [system-time] string | |
| Tree | [system-time] | |
Description | This command sets the system date and time. The time zone may optionally be specified. When the time zone is not specified, the system uses the configured system time zone. | |
Notes | This element is mandatory. | |
| Introduced | 19.10.R1 | |
Platforms | All |
show
configuration
| Synopsis | Show the current configuration | |
| Context | admin show configuration | |
| Tree | configuration | |
| Introduced | 16.0.R1 | |
Platforms | All |
bof
| Synopsis | Show the BOF region configuration | |
| Context | admin show configuration bof | |
| Tree | bof | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
| Introduced | 20.10.R1 | |
Platforms | All |
booted
| Synopsis | Show the booted BOF configuration | |
| Context | admin show configuration booted | |
| Tree | booted | |
Notes | The following elements are part of a choice: booted or cflash-id. | |
| Introduced | 20.10.R1 | |
Platforms | All |
cflash-id string
| Synopsis | Show the BOF configuration file on a compact flash | |
| Context | admin show configuration cflash-id string | |
| Tree | cflash-id | |
| String Length | 4 to 6 | |
Notes | The following elements are part of a choice: booted or cflash-id. | |
| Introduced | 20.10.R1 | |
Platforms | All |
[cli-path] string
| Synopsis | Absolute path or relative path from '/' | |
| Context | admin show configuration [cli-path] string | |
| Tree | [cli-path] | |
| Introduced | 21.10.R1 | |
Platforms | All |
configure
| Synopsis | Show the configure region configuration | |
| Context | admin show configuration configure | |
| Tree | configure | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
| Introduced | 20.7.R1 | |
Platforms | All |
converted
| Synopsis | Include converted third-party model configuration | |
| Context | admin show configuration converted | |
| Tree | converted | |
Description | This option specifies the inclusion of converted configuration values from third-party models in the output and is only available when configure system management-interface yang-modules openconfig-modules is set to true. This option should only be used in the configure region when third-party models are used. The output with this option is the same as admin show configuration when used in other configuration regions. | |
| Introduced | 24.3.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
debug
| Synopsis | Show the debug region configuration | |
| Context | admin show configuration debug | |
| Tree | debug | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
| Introduced | 21.5.R1 | |
Platforms | All |
depth number
| Synopsis | Depth limit from the pwc | |
| Context | admin show configuration depth number | |
| Tree | depth | |
| Range | 1 to 4294967040 | |
| Introduced | 23.10.R1 | |
Platforms | All |
detail
| Synopsis | Include default and unconfigured values | |
| Context | admin show configuration detail | |
| Tree | detail | |
| Introduced | 20.7.R1 | |
Platforms | All |
differences
| Synopsis | Include values each module attempts to set when they are different | |
| Context | admin show configuration differences | |
| Tree | differences | |
Notes | The following elements are part of a choice: differences, model, or values. | |
| Introduced | 24.3.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
flat
| Synopsis | Show the context from the pwc on each line | |
| Context | admin show configuration flat | |
| Tree | flat | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
| Introduced | 20.7.R1 | |
Platforms | All |
full-context
| Synopsis | Show the full context on each line | |
| Context | admin show configuration full-context | |
| Tree | full-context | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
| Introduced | 20.7.R1 | |
Platforms | All |
inheritance
| Synopsis | Include configuration inherited from configuration groups | |
| Context | admin show configuration inheritance | |
| Tree | inheritance | |
Description | This option specifies the inclusion of configuration inherited from configuration groups in the output. This option should only be used in the configure region when configuration groups are used. The output with this option is the same as admin show configuration when used in other configuration regions. | |
| Introduced | 24.3.R1 | |
Platforms | All |
intended
| Synopsis | Show the intended configuration | |
| Context | admin show configuration intended | |
| Tree | intended | |
Notes | The following elements are part of a choice: intended or running. | |
| Introduced | 20.7.R1 | |
Platforms | All |
json
| Synopsis | Show the output in indented JSON format | |
| Context | admin show configuration json | |
| Tree | json | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
| Introduced | 19.10.R1 | |
Platforms | All |
li
| Synopsis | Show the LI region configuration | |
| Context | admin show configuration li | |
| Tree | li | |
Notes | The following elements are part of a choice: bof, configure, debug, or li. | |
| Introduced | 19.10.R1 | |
Platforms | All |
model keyword
| Synopsis | Limit converted output to values for specified model-name | |
| Context | admin show configuration model keyword | |
| Tree | model | |
| Options | all – All models openconfig – OpenConfig models | |
| Default | all | |
Notes |
The following elements are part of a choice: differences, model, or values. | |
| Introduced | 24.3.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
running
| Synopsis | Show the running configuration | |
| Context | admin show configuration running | |
| Tree | running | |
Notes | The following elements are part of a choice: intended or running. | |
| Introduced | 20.7.R1 | |
Platforms | All |
units
| Synopsis | Include unit types for applicable elements | |
| Context | admin show configuration units | |
| Tree | units | |
| Introduced | 20.10.R1 | |
Platforms | All |
values
| Synopsis | Include values each module attempts to set | |
| Context | admin show configuration values | |
| Tree | values | |
Notes | The following elements are part of a choice: differences, model, or values. | |
| Introduced | 24.3.R1 | |
Platforms | 7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS |
xml
| Synopsis | Show the output in indented XML format | |
| Context | admin show configuration xml | |
| Tree | xml | |
Notes | The following elements are part of a choice: flat, full-context, json, or xml. | |
| Introduced | 20.7.R1 | |
Platforms | All |
support-mode
| Synopsis | Enable the kernel and shell commands | |
| Context | admin support-mode | |
| Tree | support-mode | |
Description | Commands in this context enable the kernel and shell commands. Note: These commands should be used only with authorized direction from Nokia support. | |
| Introduced | 16.0.R4 | |
Platforms | All |
password
| Synopsis | Enter support mode command passwords | |
| Context | admin support-mode password | |
| Tree | password | |
| Introduced | 23.10.R1 | |
Platforms | All |
kernel string
| Synopsis | Kernel command password | |
| Context | admin support-mode password kernel string | |
| Tree | kernel | |
| String Length | 1 to 199 | |
Notes | The following elements are part of a mandatory choice: kernel or shell. | |
| Introduced | 23.10.R1 | |
Platforms | All |
shell string
| Synopsis | Shell command password | |
| Context | admin support-mode password shell string | |
| Tree | shell | |
| String Length | 1 to 199 | |
Notes | The following elements are part of a mandatory choice: kernel or shell. | |
| Introduced | 23.10.R1 | |
Platforms | All |
system
license
activate
[file-url] string
| Synopsis | Location of the license file to activate | |
| Context | admin system license activate [file-url] string | |
| Tree | [file-url] | |
| String Length | 1 to 256 | |
| Introduced | 19.10.R1 | |
Platforms | All |
now
clear
now
validate
[file-url] string
| Synopsis | Location of the license file to validate | |
| Context | admin system license validate [file-url] string | |
| Tree | [file-url] | |
| String Length | 1 to 256 | |
| Introduced | 19.10.R1 | |
Platforms | All |
management-interface
| Synopsis | Enter the management-interface context | |
| Context | admin system management-interface | |
| Tree | management-interface | |
| Introduced | 21.5.R1 | |
Platforms | All |
commit
| Synopsis | Enter the commit context | |
| Context | admin system management-interface commit | |
| Tree | commit | |
| Introduced | 23.10.R1 | |
Platforms | All |
confirmed
accept
cancel
operations
| Synopsis | Enter the operations context | |
| Context | admin system management-interface operations | |
| Tree | operations | |
Description | Commands in this context are used to manage YANG-based operations (for example, admin reboot, or ping) in model-driven interfaces. | |
| Introduced | 21.5.R1 | |
Platforms | All |
delete-operation
| Synopsis | Stop and remove an operation | |
| Context | admin system management-interface operations delete-operation | |
| Tree | delete-operation | |
Description | This command removes an operation and all status and data associated with it. If the operation was executing, it is stopped before removal. | |
| Introduced | 21.5.R1 | |
Platforms | All |
[delete-id] number
| Synopsis | ID of the operation to remove | |
| Context | admin system management-interface operations delete-operation [delete-id] number | |
| Tree | [delete-id] | |
| Range | 1 to 10000 | |
Notes | This element is mandatory. | |
| Introduced | 21.5.R1 | |
Platforms | All |
op-table-bypass boolean
| Synopsis | Avoid operation ID allocation | |
| Context | admin system management-interface operations delete-operation op-table-bypass boolean | |
| Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
| Introduced | 21.5.R1 | |
Platforms | All |
stop-operation
| Synopsis | Stop the execution of an operational command | |
| Context | admin system management-interface operations stop-operation | |
| Tree | stop-operation | |
Description | This command stops the execution of an operational command. An operation launched as "asynchronous" is not deleted from the system when it is stopped. Status and other data associated with the operation persist until the operation is explicitly deleted using the delete operation command or a retention timeout. | |
| Introduced | 21.5.R1 | |
Platforms | All |
op-table-bypass boolean
| Synopsis | Avoid operation ID allocation | |
| Context | admin system management-interface operations stop-operation op-table-bypass boolean | |
| Tree | op-table-bypass | |
Description | When configured to true, the system bypasses the YANG-based operations infrastructure and avoids the allocation of an operation ID. This is useful if the global operations table is full and a delete operation or admin disconnect is required. | |
| Introduced | 21.5.R1 | |
Platforms | All |
[stop-id] number
| Synopsis | ID of the operation to stop | |
| Context | admin system management-interface operations stop-operation [stop-id] number | |
| Tree | [stop-id] | |
| Range | 1 to 10000 | |
Notes | This element is mandatory. | |
| Introduced | 21.5.R1 | |
Platforms | All |
security
hash-control
| Synopsis | Enter the hash-control context | |
| Context | admin system security hash-control | |
| Tree | hash-control | |
| Introduced | 16.0.R6 | |
Platforms | All |
custom-hash
| Synopsis | Custom encryption | |
| Context | admin system security hash-control custom-hash | |
| Tree | custom-hash | |
| Introduced | 16.0.R6 | |
Platforms | All |
algorithm keyword
| Synopsis | Algorithm for custom encryption | |
| Context | admin system security hash-control custom-hash algorithm keyword | |
| Tree | algorithm | |
Description | This command configures the algorithm for custom encryption. The encryption uses ECB mode, PKCS#7 padding, and Base64 encoding. | |
| Options | 3des – DES-EDE3-ECB with PKCS #5 padding aes128 – AES-128-ECB with PKCS #7 padding aes192 – AES-192-ECB with PKCS #7 padding aes256 – AES-256-ECB with PKCS #7 padding | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R6 | |
Platforms | All |
key string
| Synopsis | Key for encryption algorithm | |
| Context | admin system security hash-control custom-hash key string | |
| Tree | key | |
| String Length | 1 to 71 | |
Notes | This element is mandatory. | |
| Introduced | 16.0.R6 | |
Platforms | All |
remove-custom-hash
| Synopsis | Remove the custom encryption | |
| Context | admin system security hash-control remove-custom-hash | |
| Tree | remove-custom-hash | |
| Introduced | 20.10.R1 | |
Platforms | All |
pki
clear-ocsp-cache
| Synopsis | Clear the current OCSP response cache | |
| Context | admin system security pki clear-ocsp-cache | |
| Tree | clear-ocsp-cache | |
| Introduced | 23.3.R1 | |
Platforms | All |
[entry-id] number
| Synopsis | Local OCSP response cache entry ID to clear | |
| Context | admin system security pki clear-ocsp-cache [entry-id] number | |
| Tree | [entry-id] | |
| Range | 1 to 2000 | |
| Introduced | 23.3.R1 | |
|
Platforms | All |
cmpv2
cert-request
| Synopsis | Request an additional certificate | |
| Context | admin system security pki cmpv2 cert-request | |
| Tree | cert-request | |
Description | When specified, the system requests an additional certificate after the initial certificate has been obtained from the CA. The request is authenticated by a signature signed by the current key, along with the current certificate. The hash algorithm used for the signature depends on the key type:
CA may not return a certificate immediately, for example, if the request process requires manual intervention. The poll command can be used to poll the status of the request. | |
| Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
| Synopsis | PKI CA profile name | |
| Context | admin system security pki cmpv2 cert-request ca-profile reference | |
| Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
current-certificate string
| Synopsis | Existing imported certificate file to create request | |
| Context | admin system security pki cmpv2 cert-request current-certificate string | |
| Tree | current-certificate | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
current-key string
| Synopsis | Imported key file used to create the request | |
| Context | admin system security pki cmpv2 cert-request current-key string | |
| Tree | current-key | |
Description | This command specifies the imported key file corresponding to the existing imported certificate file used to create the request. | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
| Synopsis | FQDNs for the Subject Alternative Name | |
| Context | admin system security pki cmpv2 cert-request domain-name string | |
| Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
| String Length | 1 to 512 | |
| Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
| Synopsis | Hash algorithm used for the certificate signature | |
| Context | admin system security pki cmpv2 cert-request hash-algorithm keyword | |
| Tree | hash-algorithm | |
| Options | ||
| Introduced | 23.3.R1 | |
Platforms |
All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | IP address for the Subject Alternative Name | |
| Context | admin system security pki cmpv2 cert-request ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
| Introduced | 23.3.R1 | |
Platforms | All |
new-key string
save-as string
subject-dn string
| Synopsis | Subject of the requesting certificate | |
| Context | admin system security pki cmpv2 cert-request subject-dn string | |
| Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma separated list with the format attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
| String Length | 1 to 256 | |
| Introduced | 23.3.R1 | |
Platforms | All |
clear-request
| Synopsis | Clear pending CMPv2 requests | |
| Context | admin system security pki cmpv2 clear-request | |
| Tree | clear-request | |
Description | When specified, the system clears pending CMPv2 requests for the specified CA. If no requests are pending, the system clears the saved result of the previous request | |
| Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
| Synopsis | PKI CA profile name | |
| Context | admin system security pki cmpv2 clear-request ca-profile reference | |
| Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
initial-registration
| Synopsis | Request initial certificate using the CMPv2 protocol | |
| Context | admin system security pki cmpv2 initial-registration | |
| Tree | initial-registration | |
Description | When specified, the system requests the initial certificate from the CA using the CMPv2 initial registration procedure. The ca-profile parameter specifies a CA profile which includes CMP server information. The key-to-certify parameter is an imported key file to be certified by the CA. The request is authenticated via one of the following methods:
The subject-dn command specifies the subject of the requesting certificate. The save-as command specifies the full path name for saving the result certificate. The CA may not return the certificate immediately, for example, if the request process requires manual intervention. In such cases, the poll command can be used to poll the status of the request. | |
| Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
| Synopsis | PKI CA profile name | |
| Context | admin system security pki cmpv2 initial-registration ca-profile reference | |
| Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
certificate string
| Synopsis | Filename of the certificate for the protection key | |
| Context | admin system security pki cmpv2 initial-registration certificate string | |
| Tree | certificate | |
| String Length | 1 to 95 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
| Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
| Synopsis | FQDNs for the Subject Alternative Name | |
| Context | admin system security pki cmpv2 initial-registration domain-name string | |
| Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
| String Length | 1 to 512 | |
| Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
| Synopsis | Hash algorithm used for the certificate signature | |
| Context | admin system security pki cmpv2 initial-registration hash-algorithm keyword | |
| Tree | hash-algorithm | |
| Options | ||
|
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
| Introduced | 23.3.R1 | |
Platforms | All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | IP address for the Subject Alternative Name | |
| Context | admin system security pki cmpv2 initial-registration ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
| Introduced | 23.3.R1 | |
Platforms | All |
key-to-certify string
| Synopsis | Name of the key file used to create initial request | |
| Context | admin system security pki cmpv2 initial-registration key-to-certify string | |
| Tree | key-to-certify | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
password string
| Synopsis | Password for message protection | |
| Context | admin system security pki cmpv2 initial-registration password string | |
| Tree | password | |
| String Length | 1 to 64 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
| Introduced | 23.3.R1 | |
Platforms | All |
protection-key string
| Synopsis | Key file used to generate message protection signature | |
| Context | admin system security pki cmpv2 initial-registration protection-key string | |
| Tree | protection-key | |
| String Length | 1 to 95 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
| Introduced | 23.3.R1 | |
Platforms | All |
reference string
| Synopsis | Password reference number | |
| Context | admin system security pki cmpv2 initial-registration reference string | |
| Tree | reference | |
| String Length | 1 to 64 | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
| Introduced | 23.3.R1 | |
Platforms | All |
save-as string
send-chain
| Synopsis | Send a certificate chain | |
| Context | admin system security pki cmpv2 initial-registration send-chain | |
| Tree | send-chain | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
| Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
| Synopsis | Subject of the requesting certificate | |
| Context | admin system security pki cmpv2 initial-registration subject-dn string | |
| Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma separated list with the format attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
| String Length | 1 to 256 | |
| Introduced | 23.3.R1 | |
Platforms | All |
with-ca reference
| Synopsis | Name of CA profile with certificate in the send chain | |
| Context | admin system security pki cmpv2 initial-registration with-ca reference | |
| Tree | with-ca | |
Reference | state system security pki ca-profile string | |
Notes | The following elements are part of a mandatory choice: (certificate, hash-algorithm, protection-key, send-chain, and with-ca) or (password and reference). | |
| Introduced | 23.3.R1 | |
Platforms | All |
key-update
| Synopsis | Request new certificate to update existing certificate | |
| Context | admin system security pki cmpv2 key-update | |
| Tree | key-update | |
Description | When specified, the system requests a new certificate from the CA to update an existing certificate due to reasons such as a key refresh or to replace a compromised key. The CA may not return the certificate immediately, for example, if the request process requires manual intervention. In these cases, the poll command can be used to poll the status of the request. | |
| Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
| Synopsis | PKI CA profile name | |
| Context | admin system security pki cmpv2 key-update ca-profile reference | |
| Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
| Synopsis | Hash algorithm used for the certificate signature | |
| Context | admin system security pki cmpv2 key-update hash-algorithm keyword | |
| Tree | hash-algorithm | |
| Options | ||
| Introduced | 23.3.R1 | |
Platforms |
All |
new-key string
old-certificate string
| Synopsis | Name of the old certificate file to be replaced | |
| Context | admin system security pki cmpv2 key-update old-certificate string | |
| Tree | old-certificate | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
old-key string
save-as string
poll
| Synopsis | Poll the CMPv2 server for pending request status | |
| Context | admin system security pki cmpv2 poll | |
| Tree | poll | |
Description | When specified, the system polls the status of the pending CMPv2 request toward the specified CA. If the response is ready, the system resumes the CMPv2 protocol exchange with the server. SR OS allows only one pending CMP request per CA; therefore, no new request is allowed when a pending request is present. | |
| Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
| Synopsis | PKI CA profile name | |
| Context | admin system security pki cmpv2 poll ca-profile reference | |
| Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
convert-file
| Synopsis | Convert imported file between secure and legacy format | |
| Context | admin system security pki convert-file | |
| Tree | convert-file | |
| Introduced | 23.3.R1 | |
Platforms | All |
force
format keyword
[input-file] string
| Synopsis | Name of the file to be converted | |
| Context | admin system security pki convert-file [input-file] string | |
| Tree | [input-file] | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
[output-file] string
| Synopsis | Output filename | |
| Context | admin system security pki convert-file [output-file] string | |
| Tree | [output-file] | |
Description | This command specifies the output filename. If the filename already exists, the system prompts the user to proceed or aborts if the force command is unconfigured. | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
crl-update
| Synopsis | Trigger the CRL update for the CA profile | |
| Context | admin system security pki crl-update | |
| Tree | crl-update | |
| Introduced | 23.3.R1 | |
Platforms | All |
ca-profile reference
| Synopsis | PKI CA profile name | |
| Context | admin system security pki crl-update ca-profile reference | |
| Tree | ca-profile | |
Description | This command configures the CA profile that contains the CMPv2 configuration like server URL. | |
Reference | state system security pki ca-profile string | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
est
ca-certificates
| Synopsis | Download CA certificates from the EST server | |
| Context | admin system security pki est ca-certificates | |
| Tree | ca-certificates | |
Description | This command downloads a Certificate Authority (CA) certificate from an EST server specified by the profile name. | |
| Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
| Synopsis | PKI EST profile name | |
| Context | admin system security pki est ca-certificates est-profile string | |
| Tree | est-profile | |
| String Length | 1 to 32 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
force
output-url string
| Synopsis | Path to the result file | |
| Context | admin system security pki est ca-certificates output-url string | |
| Tree | output-url | |
| String Length | 1 to 200 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
enroll
| Synopsis | Enroll a new certificate with CA with the EST protocol | |
| Context | admin system security pki est enroll | |
| Tree | enroll | |
Description | When specified, the system enrolls a new certificate with Certificate Authority (CA) by the EST protocol specified with the est-profile command with a imported private key specified by the key command. The est-profile commad specifies the authentication between the system and EST server. The hash-alg, subject-dn, domain-name, and ip-address commands are used to generate the Certificate Signing Request (CSR) in the EST request message. The domain-name and ip-address commands are used as subject alternative names. If validate-certificate-chain is specified, the system validates the chain of result certificate before importing it. The certificate chain is the chain of all certificates from the result certificate to the issuing CA. The result certificate is the new certificate returned by the EST server. The result certificate is imported and saved with the filename specified by the output-file command. If the force command is specified, the system overwrites the existing file with same name as the output file. | |
| Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
| Synopsis | FQDNs for the Subject Alternative Name | |
| Context | admin system security pki est enroll domain-name string | |
| Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
| String Length | 1 to 512 | |
| Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
| Synopsis | PKI EST profile name | |
| Context | admin system security pki est enroll est-profile string | |
| Tree | est-profile | |
| String Length | 1 to 32 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
force
hash-algorithm keyword
| Synopsis | Hash algorithm used for the certificate signature | |
| Context | admin system security pki est enroll hash-algorithm keyword | |
| Tree | hash-algorithm | |
| Options | ||
| Introduced | 23.3.R1 | |
Platforms |
All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | IP address for the Subject Alternative Name | |
| Context | admin system security pki est enroll ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
| Introduced | 23.3.R1 | |
Platforms | All |
key string
output-file string
| Synopsis | Name of the result file | |
| Context | admin system security pki est enroll output-file string | |
| Tree | output-file | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
| Synopsis | Subject of the requesting certificate | |
| Context | admin system security pki est enroll subject-dn string | |
| Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma separated list with the format attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
| String Length | 1 to 256 | |
| Introduced | 23.3.R1 | |
Platforms | All |
validate-certificate-chain
| Synopsis | Validate result certificate chain before importing | |
| Context | admin system security pki est enroll validate-certificate-chain | |
| Tree | validate-certificate-chain | |
| Introduced | 23.3.R1 | |
Platforms | All |
renew
| Synopsis | Renew a CA certificate using the EST protocol | |
| Context | admin system security pki est renew | |
| Tree | renew | |
Description | When specified, the system renews an imported certificate (specified by the certificate command) with a Certificate Authority (CA) using the EST protocol specified by the est-profile parameter, with an imported private key specified the key command. The key can be either the key of the certificate to be renewed or a new key. The authentication between system and EST server is specified by the est-profile parameter. The system uses the hash-alg command to generate the CSR in the EST request message. | |
| Introduced | 23.3.R1 | |
Platforms | All |
certificate string
| Synopsis | Name of the imported certificate file to renew | |
| Context | admin system security pki est renew certificate string | |
| Tree | certificate | |
| String Length | 1 to 200 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
est-profile string
| Synopsis | PKI EST profile name | |
| Context | admin system security pki est renew est-profile string | |
| Tree | est-profile | |
| String Length | 1 to 32 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
force
hash-algorithm keyword
| Synopsis | Hash algorithm used for the certificate signature | |
| Context | admin system security pki est renew hash-algorithm keyword | |
| Tree | hash-algorithm | |
| Options | ||
| Introduced | 23.3.R1 | |
Platforms |
All |
key string
output-file string
| Synopsis | Name of the result file | |
| Context | admin system security pki est renew output-file string | |
| Tree | output-file | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
validate-certificate-chain
| Synopsis | Validate result certificate chain before importing | |
| Context | admin system security pki est renew validate-certificate-chain | |
| Tree | validate-certificate-chain | |
| Introduced | 23.3.R1 | |
Platforms | All |
export
format keyword
input-file string
| Synopsis | Name of the file to be exported | |
| Context | admin system security pki export input-file string | |
| Tree | input-file | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
key-file string
| Synopsis | Name of the key file to be exported | |
| Context | admin system security pki export key-file string | |
| Tree | key-file | |
Description | This command specifies the name of the key file to be exported when the output format may contain the certificate and the key. | |
| String Length | 1 to 95 | |
| Introduced | 23.3.R1 | |
Platforms | All |
output-url string
| Synopsis | Full path to export the result file | |
| Context | admin system security pki export output-url string | |
| Tree | output-url | |
| String Length | 1 to 200 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
password string
type keyword
generate-csr
| Synopsis | Generate a PKCS#10 certificate signing request file | |
| Context | admin system security pki generate-csr | |
| Tree | generate-csr | |
| Introduced | 23.3.R1 | |
Platforms | All |
domain-name string
| Synopsis | FQDNs for the Subject Alternative Name | |
| Context | admin system security pki generate-csr domain-name string | |
| Tree | domain-name | |
Description | This command specifies the Fully Qualified Domain Names (FQDNs) for the Subject Alternative Name extension of the requesting certificate, separated by commas. | |
| String Length | 1 to 512 | |
| Introduced | 23.3.R1 | |
Platforms | All |
hash-algorithm keyword
| Synopsis | Hash algorithm used for the certificate signature | |
| Context | admin system security pki generate-csr hash-algorithm keyword | |
| Tree | hash-algorithm | |
| Options | ||
| Introduced | 23.3.R1 | |
Platforms |
All |
ip-address (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | IP address for the Subject Alternative Name | |
| Context | admin system security pki generate-csr ip-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | ip-address | |
Description | This command specifies an IPv4 or IPv6 address for the Subject Alternative Name extension of the requesting certificate. | |
| Introduced | 23.3.R1 | |
Platforms | All |
key-url string
output-url string
| Synopsis | Full path to result certificate signing request file | |
| Context | admin system security pki generate-csr output-url string | |
| Tree | output-url | |
| String Length | 1 to 200 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
subject-dn string
| Synopsis | Subject of the requesting certificate | |
| Context | admin system security pki generate-csr subject-dn string | |
| Tree | subject-dn | |
Description | This command specifies the subject DN attributes used in the certificate request. The format is a comma separated list with the format attr1=val1, attr2=val2, where attrN={C | ST | O | OU | CN}. | |
| String Length | 1 to 256 | |
| Introduced | 23.3.R1 | |
Platforms | All |
use-printable
| Synopsis | Force ASCII encoding for input subject DN attributes | |
| Context | admin system security pki generate-csr use-printable | |
| Tree | use-printable | |
Description | When specified, the system forces the use of ASCII encoding for the input subject DN attributes. Otherwise, the system uses UTF-8 encoding. | |
| Introduced | 23.3.R1 | |
Platforms | All |
generate-keypair
| Synopsis | Generate PKI key pair | |
| Context | admin system security pki generate-keypair | |
| Tree | generate-keypair | |
Description | When specified, the system generates an RSA, DSA, or ECDSA private/public key pair file | |
| Introduced | 23.3.R1 | |
Platforms | All |
dsa-key-size number
| Synopsis | Length of the DSA key to be generated | |
| Context | admin system security pki generate-keypair dsa-key-size number | |
| Tree | dsa-key-size | |
| Range | 512 to 8192 | |
| Default | 2048 | |
Notes |
The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
| Introduced | 23.3.R1 | |
Platforms | All |
ecdsa-curve keyword
| Synopsis | Elliptic curve of the ECDSA key to be generated | |
| Context | admin system security pki generate-keypair ecdsa-curve keyword | |
| Tree | ecdsa-curve | |
| Options | ||
| Default | secp256r1 | |
Notes | The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
| Introduced | 23.3.R1 | |
Platforms | All |
rsa-key-size number
| Synopsis | Length of the RSA key to be generated | |
| Context | admin system security pki generate-keypair rsa-key-size number | |
| Tree | rsa-key-size | |
| Range | 512 to 8192 | |
| Default | 2048 | |
Notes |
The following elements are part of a mandatory choice: dsa-key-size, ecdsa-curve, or rsa-key-size. | |
| Introduced | 23.3.R1 | |
Platforms | All |
[save-path] string
| Synopsis | Full path to save the result key file | |
| Context | admin system security pki generate-keypair [save-path] string | |
| Tree | [save-path] | |
| String Length | 1 to 200 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
import
| Synopsis | Import a certificate related file | |
| Context | admin system security pki import | |
| Tree | import | |
Description | When specified, the system imports an input file (key/certificate/CRL) to be used by SROS applications. The following summarizes the supported formats:
| |
| Introduced | 23.3.R1 | |
Platforms | All |
format keyword
input-url string
output-file string
| Synopsis | Name of the result file | |
| Context | admin system security pki import output-file string | |
| Tree | output-file | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
password string
type keyword
validate-certificate-chain
| Synopsis | Validate the certificate chain | |
| Context | admin system security pki import validate-certificate-chain | |
| Tree | validate-certificate-chain | |
Description | When specified, the system validates the result certificate chain before it is imported. | |
| Introduced | 23.3.R1 | |
Platforms | All |
reload
| Synopsis | Reload key or certificate files | |
| Context | admin system security pki reload | |
| Tree | reload | |
Description | When specified, the system reloads the key or certificate files for the specified application.This command can be used to ensure a changed imported file takes effect. | |
| Introduced | 23.3.R1 | |
Platforms | All |
application keyword
| Synopsis | Application to be reloaded | |
| Context | admin system security pki reload application keyword | |
| Tree | application | |
| Options | ||
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
certificate string
| Synopsis | Name of the certificate file to reload | |
| Context | admin system security pki reload certificate string | |
| Tree | certificate | |
| String Length | 1 to 95 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
key string
show
file-content
| Synopsis | Display content of certificate related files | |
| Context | admin system security pki show file-content | |
| Tree | file-content | |
| Introduced | 23.3.R1 | |
Platforms | All |
[file-path] string
| Synopsis | Full path to the file to display | |
| Context | admin system security pki show file-content [file-path] string | |
| Tree | [file-path] | |
| String Length | 1 to 200 | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
format keyword
password string
type keyword
update-certificate
| Synopsis | Update End Entity certificate | |
| Context | admin system security pki update-certificate | |
| Tree | update-certificate | |
Description | When specified, the system triggers an update for the specified certificate according to the corresponding configure system security pki certificate-auto-update configuration. | |
| Introduced | 23.3.R1 | |
Platforms | All |
certificate reference
| Synopsis | Name of the certificate file to be updated | |
| Context | admin system security pki update-certificate certificate reference | |
| Tree | certificate | |
Reference | state system security pki certificate-auto-update string | |
Notes | This element is mandatory. | |
| Introduced | 23.3.R1 | |
Platforms | All |
secure-boot
| Synopsis | Enter the secure-boot context | |
| Context | admin system security secure-boot | |
| Tree | secure-boot | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
activate
| Synopsis | Activate secure boot on a CPM | |
| Context | admin system security secure-boot activate | |
| Tree | activate | |
Description | This command activates Secure Boot to enforce digital signature verification of the software on every boot. Once Secure Boot is activated on a CPM, the capability is permanently enabled and cannot be disabled. | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
card reference
| Synopsis | CPM slot where secure boot is activated or modified | |
| Context | admin system security secure-boot activate card reference | |
| Tree | card | |
Reference | state cpm string | |
Notes | This element is mandatory. | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
confirmation-code string
| Synopsis | Confirmation code | |
| Context | admin system security secure-boot activate confirmation-code string | |
| Tree | confirmation-code | |
| String Length | 1 to 32 | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
serial-number string
| Synopsis | CPM card serial number which secure-boot activates | |
| Context | admin system security secure-boot activate serial-number string | |
| Tree | serial-number | |
| String Length | 1 to 32 | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
revoke-key
| Synopsis | Revoke secure boot keys | |
| Context | admin system security secure-boot revoke-key | |
| Tree | revoke-key | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
card reference
| Synopsis | CPM slot where secure boot is activated or modified | |
| Context | admin system security secure-boot revoke-key card reference | |
| Tree | card | |
Reference | state cpm string | |
Notes | This element is mandatory. | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
confirmation-code string
| Synopsis | Confirmation code | |
| Context | admin system security secure-boot revoke-key confirmation-code string | |
| Tree | confirmation-code | |
| String Length | 1 to 32 | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
serial-number string
| Synopsis | CPM card serial number which secure-boot activates | |
| Context | admin system security secure-boot revoke-key serial-number string | |
| Tree | serial-number | |
| String Length | 1 to 32 | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
update-key
| Synopsis | Update secure boot keys | |
| Context | admin system security secure-boot update-key | |
| Tree | update-key | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
card reference
| Synopsis | CPM slot where secure boot is activated or modified | |
| Context | admin system security secure-boot update-key card reference | |
| Tree | card | |
Reference | state cpm string | |
Notes | This element is mandatory. | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
confirmation-code string
| Synopsis | Confirmation code | |
| Context | admin system security secure-boot update-key confirmation-code string | |
| Tree | confirmation-code | |
| String Length | 1 to 32 | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
serial-number string
| Synopsis | CPM card serial number which secure-boot activates | |
| Context | admin system security secure-boot update-key serial-number string | |
| Tree | serial-number | |
| String Length | 1 to 32 | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
software-image string
| Synopsis | Location of the target software image | |
| Context | admin system security secure-boot update-key software-image string | |
| Tree | software-image | |
| String Length | 1 to 180 | |
Notes | This element is mandatory. | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
validate
software-image string
| Synopsis | Location of the target software image | |
| Context | admin system security secure-boot validate software-image string | |
| Tree | software-image | |
| String Length | 1 to 180 | |
Notes | This element is mandatory. | |
| Introduced | 23.7.R1 | |
Platforms | 7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-s, 7950 XRS-20e |
system-password
| Synopsis | Change a local system password | |
| Context | admin system security system-password | |
| Tree | system-password | |
| Introduced | 22.10.R2 | |
Platforms | All |
admin-password
| Synopsis | Administrative password | |
| Context | admin system security system-password admin-password | |
| Tree | admin-password | |
Notes | This element is mandatory. | |
| Introduced | 22.10.R2 | |
Platforms | All |
telemetry
grpc
cancel
all
subscription-id number
| Synopsis | ID of the telemetry subscription to cancel | |
| Context | admin system telemetry grpc cancel subscription-id number | |
| Tree | subscription-id | |
| Max. Range | 0 to 4294967295 | |
Notes | The following elements are part of a mandatory choice: all or subscription-id. | |
| Introduced | 19.10.R1 | |
Platforms | All |
tech-support
| Synopsis | Save technical support information to a file | |
| Context | admin tech-support | |
| Tree | tech-support | |
| Introduced | 20.10.R1 | |
Platforms | All |
[url] string
| Synopsis | URL to save technical support information | |
| Context | admin tech-support [url] string | |
| Tree | [url] | |
| String Length | 1 to 180 | |
| Introduced | 20.10.R1 | |
Platforms | All |