This section provides the CLI command descriptions.
This command configures TLS parameters.
This command creates a cipher list that the client sends to the server in the client Hello message. It lists the ciphers that the SR OS supports and prefers to use in the TLS session. The server matches this list against the server cipher list, and the top cipher common to both lists is chosen.
This command configures the cipher suite to be negotiated by the client with the server. The index provides the location of the cipher in the negotiation list, with the lower index number being on top of the negotiation list and the higher index number being at the bottom of the list.
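Added example (not from the original documentation, and not SR OS code): a Python model of the index-ordered client cipher list and its match against a server list. The index values, the server list, the `honor` switch and the weak-suite markers are assumptions made for illustration; both preference orders are modelled because the server makes the final selection in TLS, so a weak suite placed at a high index can still be chosen.

```python
# Constructed sample: index -> cipher suite, as entered in a client cipher list.
# Suite names are standard IANA names; the index values are made up.
CLIENT_ENTRIES = {
    30: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    10: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    20: "TLS_RSA_WITH_AES_128_CBC_SHA",
}

# Constructed server cipher list, in the server's own order of preference.
SERVER_LIST = [
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]


def client_hello_order(entries):
    """Order suites as offered: the lowest index is at the top of the list."""
    return [suite for _, suite in sorted(entries.items())]


def negotiate(client_order, server_order, honor="client"):
    """Return the first suite in the honored side's list that the other side
    also has, or None when no suite is common (the handshake fails)."""
    if honor not in ("client", "server"):
        raise ValueError("honor must be 'client' or 'server'")
    if honor == "client":
        primary, other = client_order, server_order
    else:
        primary, other = server_order, client_order
    allowed = set(other)
    return next((suite for suite in primary if suite in allowed), None)


def weak_suites_offered(client_order, markers=("_3DES_", "_RC4_", "_NULL_")):
    """Flag offered suites matching an example deny-list (assumed policy)."""
    return [s for s in client_order if any(m in s for m in markers)]


if __name__ == "__main__":
    offered = client_hello_order(CLIENT_ENTRIES)
    print("offered order:      ", offered)
    print("client order wins:  ", negotiate(offered, SERVER_LIST, "client"))
    print("server order wins:  ", negotiate(offered, SERVER_LIST, "server"))
    print("weak suites offered:", weak_suites_offered(offered))
```

A suite that must never be negotiated should be left out of the client cipher list, not only given a high index.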
This command configures the TLS client profile to be assigned to applications for encryption.
This command assigns the cipher list to be used by the TLS profile for negotiation in the client Hello message.
This command administratively enables or disables the TLS profile. If the TLS profile is shut down, the TLS operational status is down, and any application using TLS should not attempt to send any PDUs.
This command assigns the trust anchor used by this TLS profile to authenticate the server.
This command configures a trust anchor profile to be used in the TLS profile. The trust anchor is used for authentication of the server certificate.
This command configures a trust anchor with a CA profile used by the TLS profile. Up to eight CA profiles can be configured under the trust anchor. TLS reads the CA profiles one by one to try to authenticate the server certificate.
This command adds or removes an LDAP server.
This command assigns a TLS profile to the LDAP application. When a TLS profile is assigned, the LDAP application sends encrypted PDUs from the client to the LDAP server. If TLS is operationally down, the LDAP application should not send any PDUs.
This command manually reloads the certificate or key cache.