Certificate CLI Commands

Use the certificate commands to create a certificate signing request (CSR), and to install server, CA (certificate authority), or trusted path certificates on the Guardium® system.

Note: Guardium does not provide certificate authority (CA) services and does not ship systems with different certificates than the one installed by default. A customer that wants their own certificate must contact a third-party CA (such as VeriSign or Entrust).

create csr

Creates a certificate signing request (CSR) for the Guardium system. Do not perform this action until after the system network configuration parameters are set. Within the generated CSR, the common name (CN) is created automatically from the host and domain names assigned.

create csr alias creates a certificate request with an alias.

create csr gui creates a certificate request for tomcat.

create csr sniffer creates a certificate request for the sniffer.

create csr squid creates a certificate signing request and associated key, which must be signed by a certificate authority. A matching certificate must then be supplied by using the store certificate squid selfsign command.

Syntax

create csr <alias | gui | sniffer | squid>

delete certificate squid

Backs up and then deletes the most recent squid certificate that is used to configure the SSL connection.

Syntax

delete certificate squid

restore certificate keystore

Restores the certificate keystore to the last certificate keystore on record or the default certificate keystore that was originally provided.

restore certificate keystore backup restores the certificate keystore to the last saved certificate keystore.

restore certificate keystore default restores the certificate keystore to the default value that was supplied with the system.

Syntax

restore certificate keystore <backup | default>

restore certificate mysql

Restores the client certificate to the last certificate on record.

restore certificate mysql backup restores the last saved mysql certificate.

Syntax

restore certificate mysql <backup>

restore certificate mysql backup client

Restores the client certificate to the last certificate on record.

restore certificate mysql backup client ca restores the last saved client certificate authority (CA) certificate.

restore certificate mysql backup client cert restores the last saved client certificate.

Syntax

restore certificate mysql backup client <ca | cert>

restore certificate mysql backup server

Restores the server certificate to the last certificate on record.

restore certificate mysql backup server ca restores the last saved server certificate authority (CA) certificate.

restore certificate mysql backup server cert restores the last saved server certificate.

Syntax

restore certificate mysql backup server <ca | cert>

restore certificate mysql default client

Restores the mysql client certificate to the default version that was supplied with the system.

restore certificate mysql default client ca restores the mysql client CA certificate to the default version that was supplied with the system.

restore certificate mysql default client cert restores the mysql client certificate to the default version that was supplied with the system.

Syntax

restore certificate mysql default client <ca | cert>

restore certificate mysql default server

Restores the mysql server certificate to the default version that was supplied with the system.

restore certificate mysql default server ca restores the mysql server CA certificate to the default version that was supplied with the system.

restore certificate mysql default server cert restores the mysql server certificate to the default version that was supplied with the system.

Syntax

restore certificate mysql default server <ca | cert>

restore certificate sniffer

Restores the certificate to the last certificate on record.

restore certificate sniffer backup restores the sniffer certificate to the last saved sniffer certificate.

restore certificate sniffer default restores the sniffer certificate to the default sniffer certificate.

Syntax

restore certificate sniffer <backup | default>

restore certificate squid backup

Restores the last saved squid backup. If no backup exists, the following message is displayed:
Backup squid certificate key not found.
Backup squid certificate file not found.
err

restore cert_key mysql backup

Restores the mysql client or server certificate key to the last saved value.

restore cert_key mysql backup client restores the last saved mysql client cert key.

restore cert_key mysql backup server restores the last saved mysql server cert key.

Syntax

restore cert_key mysql backup <client | server>

restore cert_key mysql default

Restores the mysql client or server certificate key to the default version that was supplied with the system.

restore cert_key mysql default client restores the default mysql client cert key that was supplied with the system.

restore cert_key mysql default server restores the default mysql server cert key that was supplied with the system.

Syntax

restore cert_key mysql default <client | server>

show certificate

Displays the summary of all certificates, certificate information, alias list, certificates in the keystore, and expired or soon-to-expire certificates.

The authenticity of this certificate can be verified with a Guardium CA public key (contained in the CA certificate that is distributed with the client software). This certificate has either a customer company-unique CN (Common Name, for example, acme.com) or a machine-specific CN (for example, x4.acme.com). This permits any client to establish not only that the Guardium system has a valid certification (it is a real Guardium system), but also that it is a specific Guardium system (or one of a set of Guardium systems) that the client is supposed to connect to.

show certificate all displays a summary of all certificates.

show certificate gui displays all tomcat certificate information.

show certificate keystore displays all certificates in the keystore and an alias list for you to select which certificate to show.

show certificate mysql displays client and server mysql certificate information.

show certificate sniffer displays all sniffer certificate information.

show certificate squid displays all proxy server certificate information.

show certificate summary displays a summary of all certification information.

show certificate trusted displays all trusted certificate information.

show certificate warn_expired displays all expired certificates or certificates that expire in 6 months.

Syntax

show certificate <all | gui | keystore | mysql | sniffer | stap | squid | summary | trusted | warn_expired>

show certificate keystore

Displays certificate information in the keystore.

show certificate keystore all displays all certificates in the keystore.

show certificate keystore alias displays an alias list for you to select which certificate to show.

Syntax

show certificate keystore <all | alias>

show certificate mysql

Displays mysql certificate information.

Parameters

show certificate mysql client shows client mysql information.

show certificate mysql server shows server mysql information.

Syntax

show certificate mysql <client | server>

store certificate

Stores a certificate. Paste your certificate in PEM format and include the BEGIN and END lines.

Parameter

store certificate alias stores a certificate in the keystore after a CSR has been generated.

store certificate gui stores the tomcat certificate in the keystore after a CSR has been generated.

store certificate keystore asks for a one-word alias to uniquely identify the trusted certificate and store it in the keystore.

store certificate mysql stores mysql client and server certificates.

store certificate sniffer stores sniffer certificates.

store certificate squid stores squid certificate.

store certificate stap stores S-TAP certificates.

Syntax

store certificate <gui | keystore | mysql | sniffer | squid | stap>

store certificate mysql client

Stores a mysql client certificate.

store certificate mysql client ca stores client certificate authority (CA) certificates.

store certificate mysql client cert stores client certificates.

Syntax

store certificate mysql client <ca | cert>

store certificate mysql server

Stores a mysql server certificate.

store certificate mysql server ca stores server certificate authority (CA) certificates.

store certificate mysql server cert stores server certificates.

Syntax

store certificate mysql server <ca | cert>

store certificate squid

Stores the proxy server certificate.

store certificate squid caroot stores a ca root certificate onto the Guardium system and configures SSL proxy settings.

store certificate squid default stores a signed key/certificate pair. If the certificate is self-signed, the ca root must also be provided to validate connections from applications that are signed by a trusted certificate authority. If the certificate is signed by a trusted certificate authority, providing the ca root is not mandatory.

store certificate squid selfsign stores a matching self-signed certificate and ca root to validate connections from applications that are signed by a trusted certificate authority. This command can be used only after you generate a csr and key by using the create csr squid command.

Syntax

store certificate squid <caroot | default | selfsign>

store cert_key

Stores the system certificate key and the certificate key of a mysql client and server.

store cert_key mysql stores the certificate key of a mysql client and server.

store cert_key sniffer stores the sniffer certificate key.

Syntax

store cert_key <mysql | sniffer>

store cert_key mysql

Stores the certificate key of a mysql client or server.

store cert_key mysql client stores the certificate key of a mysql client.

store cert_key mysql server stores the certificate key of a mysql server.

Syntax

store cert_key mysql <client | server>

store cert_key sniffer

Stores the system certificate key. This command enables a user to set the system certificate that is used by the Guardium system (in communication with S-TAP®). The certificate can either be pasted from the console or imported via one of the standard import protocols. The certificate format should be PEM and should include the BEGIN and END delimiters. This certificate needs to be signed by a CA whose self-signed certificate is available to S-TAP software through the guardium_ca_path.

store cert_key sniffer console stores the sniffer certificate key by pasting the key into the console.

store cert_key sniffer import stores the sniffer certificate key by importing the key file.

Syntax

store cert_key sniffer <console | import>
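
A pre-flight check for text that is about to be pasted at the store certificate or store cert_key sniffer console prompt, both of which require PEM with the BEGIN and END lines. It also catches a body that lost lines during a console paste. This is an added example, not Guardium code: check_paste, der_total_length, to_pem and the sample data are hypothetical names and constructed values, and the script is assumed to run on the administrator's workstation.

```python
import base64
import re

# One PEM block; BEGIN and END labels are captured separately so a mismatch is visible.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----", re.DOTALL)

def der_total_length(der):
    """Total encoded length claimed by the outer DER SEQUENCE header, or None."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:                      # short form: length is in this byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_paste(text, expect="CERTIFICATE"):
    """Return a list of problems in text about to be pasted at the prompt."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no complete BEGIN/END block found"]
    problems = []
    for i, (begin, body, end) in enumerate(blocks, 1):
        if begin != end:
            problems.append(f"block {i}: BEGIN {begin} does not match END {end}")
            continue
        if begin != expect:                # e.g. a CSR pasted where a certificate belongs
            problems.append(f"block {i}: is {begin}, expected {expect}")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"block {i}: body is not valid base64")
            continue
        claimed = der_total_length(der)
        if claimed is None:
            problems.append(f"block {i}: body is not a DER SEQUENCE")
        elif claimed != len(der):          # lines lost or duplicated in the paste
            problems.append(f"block {i}: {len(der)} bytes decoded, header claims {claimed}")
    return problems

def to_pem(der, label):                    # helper that builds the constructed samples
    b64 = base64.b64encode(der).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *body, f"-----END {label}-----"])

# Constructed sample: a DER-shaped placeholder, not a real certificate.
SAMPLE = to_pem(b"\x30\x82\x01\x00" + bytes(256), "CERTIFICATE")
```

An empty list from check_paste means the framing and length are consistent; it does not validate the signature, the CN or the expiry date.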

store sign certificate squid

Stores the proxy server certificate and the self-signed ca root certificate.

store sign certificate squid console stores the proxy server certificate and the self-signed ca root certificate by pasting the data into the console.

store sign certificate squid import stores the proxy server certificate and the self-signed ca root certificate by importing the associated files.

Syntax

store sign certificate squid <console | import>