JANOS Help System: [Commands] [Topics] [Tech Support] [Printable Manual] [Search]
CERTMGR User Commands NAME certmgr - TLS/SSL Certificate Management SYNOPSIS certmgr OPTIONS DESCRIPTION JNIOR network connections support TLS v1.02 security. This insures that information passed over the connection is encrypted and unreadable. Most importantly this protects usernames and passwords which are normally required to gain access to the JNIOR. A Certificate is required during TLS negotiation. This not only verifies the identity of the JNIOR but also passes public key information. The CERTMGR command performs a number of functions related to keys and certificates. By default the JNIOR generates a unique and secret key pair. It then creates a self-signed certificate for use in negotiating a TLS connection. -V Verifies the current active keys and the associated certificate. -C [FILE] Regenerates the self-signed certificate. If FILE is specified an externally generated certificate is installed. This must be in PEM format. -A FILE Adds an intermediate certificate. The FILE must be in PEM format. -S FILE Validates the digital signature on the certificate in FILE. -K FILE Installs an RSA key pair from the FILE. The key file can be encrypted and the command will prompt for the password. -D [FILE] Dumps the current certificate or if FILE is specified the certificate within the file. This formats the ASN.1 content in a somewhat readable form. -E FILE Exports the current certificate to the FILE in PEM format. Note that the resulting file can be added to your computer's trusted certificate store allowing your browser to trust the JNIOR. This avoids warning messages. -P FILE This exports the current Public Key to FILE. The Private Key is secret and cannot be exported. -B Performs the certificate export in binary format. This option is used in conjunction with the -E export option. -G [BITS] Generates a new RSA Key Pair. This requests that a new key pair be generated and this is performed as a background process. By default a 1,024 bit key pair is generated. The optional BITS parameter can define a different bit length. Note that only a limit range of key sizes are possible. -X FILE This generates a Certificate Signing Request (CSR) from the installed RSA Key Pair. A CSR can be provided to a suitable Certificate Authority (CA) for signature. The resulting signed certificate can then be installed with the -C FILE option. The JNIOR would then be trusted by browsers. -R Restore default credentials. The JNIOR is shipped with a temporary 512 bit RSA key pair. Once up an running the JNIOR will generate a 1,024 bit key pair as a background task. This option resets the key pair and repeats that process. NOTES When IP addressing or the hostname is changed the JNIOR will automatically generate a new self-signed certificate. [/flash/manpages/manpages.hlp:3211]