gen-certreq

Use this command to generate a certificate signing request and private key for the named topology. The gen-certreq command is available from the topology:<named-topology>:l3 context of the CLI.

gen-certreq cn [(location country state city) (organization name unit) (email email-address)] [ipv6] [key-size 1024|2048]

Parameters

cn Common name that you want to assign to the controller interfaces. This is a mandatory parameter. If the common name is an IPv6 address, a [] is needed around the IPv6 address (see example, below).
location Keyword indicating that the next three parameters specify the location where the controller is operating.
country The name of the country where the controller is located. You must use the two-letter ISO abbreviation for the country.
state The name of the state or province where the controller is located.
city The name of the city where the controller is located.
organization Keyword indicating that the next two parameters specify the name of the organization to which the controller belongs.
name Organization name.
unit Organization unit name.
email Key word that identifies the following parameter as an email address.
email_addr Email address.
ipv6 Specifies that the certificate supports IPv6 addressing.
key-size Specifies that the certificate supports key size. Valid key size values are 1024 or 2048.

Usage

If a DNS name is used as the common name, a DNS lookup is performed. If the DNS name is not found, a warning is displayed.

Once the CSR file has been created, you can copy it to an FTP or SCP server using the command copy-csr. You can apply the certificate with the command cert.

Example

The following example shows a certificate request with a common name that is an IPv6 address:
EWC.extremenetworks.com:ap:topology:Seg1_Routed:l3# gen_certreq [fd66:2280:2668::12] location CA Ontario Mississauga organization mnj_Ware_House Service email me@email.com ipv6 key-size 2048