generate command

Use the generate command to generate a private key and public key pair with a self-signed certificate or a certificate sign request.

The generate command is targeted to only the Remote Supervisor Adapter, Remote Supervisor Adapter II, and IMM. Specifically, the out-of-band mode of the command is supported for IMM only. The generate command generates a private key and public key pair with a self-signed certificate or certificate sign request (CSR). The generation can take a few seconds to complete, depending on the state of the Remote Supervisor Adapter, Remote Supervisor Adapter II, or IMM.

The generate command requires an Extensible Markup Language (XML) file that contains the certificate information that you want. The file must be in the directory from which the ASU is running. When you extract the ASU files, a template file (template.xml) is also extracted. This file provides an XML file with the correct syntax. Modify this XML file with the information you need to generate the selected certificate.

To learn more about supported commands of settings for IMM-based servers, see Supported commands for IMM-based certificate management.

Note: The XML file supports the self-signed certificate request and the certificate sign request (CSR). The start and end tag for the self-signed certificate is new_key_and_self_signed_cert_info. The start and end tag for a certificate sign request is new_key_and_cert_sign_req_info.

Template.xml

<?xml version="1.0" encoding="utf-8"?>
<asu version="2.1">
 <new_key_and_self_signed_cert_info>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>countryName</name>
    <value minlen="2" maxlen="2">xx</value>
   </item>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>stateOrProvinceName</name>
    <value minlen="1" maxlen="30">xx</value>
   </item>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>localityName</name>
    <value minlen="1" maxlen="50">xx</value>
   </item>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>organizationName</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>commonName</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>Name</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>emailAddress</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>validityPeriod</name>
    <value minlen="0" maxlen="2">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>organizationalUnitName</name>
    <value minlen="0" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>Surname</name>
    <value minlen="0" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>givenName</name>
    <value minlen="0" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>Initials</name>
    <value minlen="0" maxlen="20">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>dnQualifier</name>
    <value minlen="0" maxlen="60">xx</value>
   </item>
 </new_key_and_self_signed_cert_info>
 <new_key_and_cert_sign_req_info>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>countryName</name>
    <value minlen="2" maxlen="2">xx</value>
   </item>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>stateOrProvinceName</name>
    <value minlen="1" maxlen="30">xx</value>
   </item>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>localityName</name>
    <value minlen="1" maxlen="50">xx</value>
   </item>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>organizationName</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
   <item type="Required">
    <vectorID>0001</vectorID>
    <name>commonName</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>Name</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>emailAddress</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>organizationalUnitName</name>
    <value minlen="0" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>Surname</name>
    <value minlen="0" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>givenName</name>
    <value minlen="0" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
  </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>Initials</name>
    <value minlen="0" maxlen="20">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0001</vectorID>
    <name>dnQualifier</name>
    <value minlen="0" maxlen="60">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0002</vectorID>
    <name>challengePassword</name>
    <value minlen="6" maxlen="30">xx</value>
   </item>
   <item type="Optional">
    <vectorID>0002</vectorID>
    <name>unstructuredName</name>
    <value minlen="1" maxlen="60">xx</value>
   </item>
 </new_key_and_cert_sign_req_info>
</asu>
Table 1. Explanation of XML

| Item | Description |
|---|---|
| Country name | The two-letter ISO abbreviation for your country. |
| State or Province name | The state or province where your organization is located. Do not abbreviate. |
| Locality name | The city where your organization is located. |
| Organization name | The exact legal name of your organization. Do not abbreviate. |
| Common name | A fully qualified domain name that resolves to the SSL VPN device. For example, to secure the URL https://ssl.yourdomain.com, the common name of the certificate sign request should be ssl.yourdomain.com. |
| Name | Optional field for entering a contact name. |
| Email address | Optional field for entering a contact email address. |
| Organization unit name | Optional field for the name of the unit in your organization. |
| Surname | Optional field for entering the surname of a contact person. |
| givenName | Optional field for entering the given name of a contact. |
| Initials | Optional field for entering the initials of a contact name. |
| dnQualifier | Optional field for entering the domain name qualifier. |
| Challenge password | Optional attribute. If you specify a challenge password in the certificate sign request, you must know the challenge password if you want to revoke the certificate later. |
| unstructuredName | Optional field for entering the unstructured name for a contact. |

Notes

  1. The xx field requires user input. The minimum length for each vector (item) is identified by minlen=, and the maximum length is identified by maxlen=. For example, for the vector named stateOrProvinceName, the minlen is 1, the maxlen is 30, and a valid xx value is Vermont.
  2. Items that are identified as "Required" have to be updated with user data. Items that are identified as "Optional" do not have to be updated. If the optional items are not updated, remove them from the XML file.
  3. The ASU requires that you provide the XML file with the correct data for the generate command to run correctly.
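
The three notes above can be checked before the file is handed to the generate command. The following is an added example, not part of the ASU or of the original page: the function name check_section, the treatment of a literal xx as an unfilled value, and the sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PLACEHOLDER = "xx"  # assumed marker for an unfilled value, as in template.xml (Note 1)
REQUIRED = {"countryName", "stateOrProvinceName", "localityName",
            "organizationName", "commonName"}  # type="Required" in the template

def check_section(xml_text, section):
    """Return a list of problems found in one section of the certificate XML."""
    block = ET.fromstring(xml_text).find(section)
    if block is None:
        return [f"section <{section}> not found"]
    problems, seen = [], set()
    for idx, item in enumerate(block.findall("item"), start=1):
        name, value_el = item.findtext("name"), item.find("value")
        if name is None or value_el is None:
            problems.append(f"item {idx}: missing <name> or <value>")
            continue
        seen.add(name)
        value = (value_el.text or "").strip()
        if value == PLACEHOLDER:
            if item.get("type") == "Required":
                problems.append(f"{name}: required item still holds placeholder")
            else:  # Note 2: optional items that are not updated must be removed
                problems.append(f"{name}: optional item not updated, remove it")
            continue
        lo, hi = int(value_el.get("minlen", 0)), int(value_el.get("maxlen", len(value)))
        if not lo <= len(value) <= hi:
            problems.append(f"{name}: length {len(value)} outside {lo}..{hi}")
    problems += [f"{n}: required item absent" for n in sorted(REQUIRED - seen)]
    return problems

# Constructed sample (not from the page): a partly edited CSR section.
SAMPLE = """<asu version="2.1">
 <new_key_and_cert_sign_req_info>
   <item type="Required"><vectorID>0001</vectorID><name>countryName</name>
    <value minlen="2" maxlen="2">USA</value></item>
   <item type="Required"><vectorID>0001</vectorID><name>stateOrProvinceName</name>
    <value minlen="1" maxlen="30">Vermont</value></item>
   <item type="Required"><vectorID>0001</vectorID><name>commonName</name>
    <value minlen="1" maxlen="60">xx</value></item>
   <item type="Optional"><vectorID>0001</vectorID></item>
   <item type="Optional"><vectorID>0001</vectorID><name>emailAddress</name>
    <value minlen="1" maxlen="60">xx</value></item>
 </new_key_and_cert_sign_req_info>
</asu>"""

if __name__ == "__main__":
    for line in check_section(SAMPLE, "new_key_and_cert_sign_req_info"):
        print(line)
```

An empty list means the section passes the length and Required/Optional rules stated in the notes; it does not confirm that the service processor will accept the values.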

Syntax

The syntax of the generate command is
asu generate setting xml_file [-nx] [connect_options]
where

setting is the name of a valid Remote Supervisor Adapter, Remote Supervisor Adapter II, or IMM setting, and xml_file is the name of an XML file that contains valid information.

When generating an SSH key in IMM, the syntax of the generate command is
asu generate setting [-nx] [connect_options]
because the xml_file is not required for generating an SSH key.

Notes

  1. If the optional -nx parameter is specified, the ASU performs the operation for node x, where x is the selected node in a multi-node system. Node x can be a number from 1 through 8. If the -nx parameter is not specified, the operation is performed on the primary node (node 1).
  2. The connect options are defined for IMM-based servers only. The --host ip_address, --user user_id, and --password password connect options are all required if you connect remotely to the IMM. The default user and password do not currently support an out-of-band connection. The --mtsn, --net, --user, and --password options can be used to connect to IMM-based servers if the server running ASU and the target IMM-based servers are on the same LAN. The --user user_id and --password password connect options are not required if you are using the local KCS interface.

Output

The output of the generate command is a message that indicates that the Remote Supervisor Adapter, Remote Supervisor Adapter II, or IMM has completed the command successfully.

The generate command for a self-signed certificate and corresponding output are shown in the following example.

Command

Command line:
asu generate RSA_Generate_SSL_Client_Certificate asu.xml
Output:
Certificate was generated successfully!
Command line:
asu generate IMM.SSL_HTTPS_SERVER_CERT asu.xml
Output:
Certificate was generated successfully!

The generate command for a certificate sign request and corresponding output are shown in the following example:

Command line:
asu generate IMM.SSL_HTTPS_SERVER_CSR asu.xml
Output:
Certificate was generated successfully!

The generate command for an SSH key and corresponding output are shown in the following example:

Command line:
asu generate IMM.SSH_SERVER_KEY
Output:
Certificate was generated successfully!