SSL Certificate Overview
This document presents a basic overview of the cert command in WeOS.
What is an SSL Certificate
An SSL certificate is a file that binds a cryptographic key to an organization. When installed on a web server, it allows secure connections to be made using the HTTPS protocol.
SSL Certificates in WeOS
A default SSL certificate is always present in WeOS; if it is deleted, a new one is generated implicitly at reboot.
Users may import custom certificates and use them instead of the built-in ones in applications that allow such operation, such as DDNS.
If needed, certificates and OpenVPN secret keys may also be generated.
Certificates & keys management
Certificates and keys can be managed from both CLI and Web interfaces.
CLI Syntax:
[no][show] cert [all] [full] [generate [OPTS] | import [OPTS] URI]
Manage certificates and keys.
- no
  Delete a complete certificate bundle by its label.
- show
  Dump certificate information: attributes & meta data.
  full - display full certificate’s LABEL
  all - display all keys & certificates (including WeOS built-in)
  HASH - display info about certificate with specified HASH
- generate
  Generate certificates and OpenVPN secret keys (PSK). Signing, or a self-signed CA, is not supported yet.
- import
  Import PKCS12 certificate bundles, stand-alone PEM/DER, Astaro Secure Gateway bundles or OpenVPN static key files.
Examples
Import a PKCS#12 or a PEM certificate:
example:/#> cert import pkcs password "secret string" ftp://1.2.3.4/bundle.p12
example:/#> cert import pem type public usb://remote.crt
Import an Astaro Secure Gateway bundle and setup an OpenVPN tunnel:
example:/#> cert import apc to-ssl 1 ftp://1.2.3.4/bundle.apc
Only import certificates from an Astaro Secure Gateway bundle:
example:/#> cert import apc certs-only ftp://1.2.3.4/bundle.apc
Import an OpenVPN static key (PSK):
example:/#> cert import ovpn ftp://1.2.3.4/ovpn.key
Generate an OpenVPN static key (PSK):
example:/#> cert generate ovpn label NAME
Show all certificates or display a given label/hash:
example:/#> show cert
TYPE     HASH      EXPIRES      NAME
Pub      52ff4f77  Jan 19 2038  zero-12-34-50.local
Key      N/A       N/A          web-default

example:/#> show cert full
TYPE     HASH      EXPIRES      NAME                 LABEL
Pub      52ff4f77  Jan 19 2038  zero-12-34-50.local  web-default
Key      N/A       N/A          web-default          web-default

example:/#> show cert all
Press Ctrl-C or Q(uit) to quit viewer, Space for next page,for next line.
TYPE     HASH      EXPIRES      NAME
CA-auto  a94d09e5  Dec 31 2030  ACCVRAIZ1
CA-auto  cd8c0d63  Jan  1 2030  N/A
CA-auto  930ac5d2  Sep 22 2030  Actalis Authentication Root CA
CA-auto  157753a5  May 30 2020  AddTrust External CA Root
CA-auto  2b349938  Dec 31 2030  AffirmTrust Commercial
CA-auto  93bc0acc  Dec 31 2030  AffirmTrust Networking
CA-auto  b727005e  Dec 31 2040  AffirmTrust Premium
CA-auto  9c8dfbd4  Dec 31 2040  AffirmTrust Premium ECC
CA-auto  ce5e74ef  Jan 17 2038  Amazon Root CA 1
CA-auto  6d41d539  May 26 2040  Amazon Root CA 2
CA-auto  8cb5ee0f  May 26 2040  Amazon Root CA 3
CA-auto  de6d66f3  May 26 2040  Amazon Root CA 4
CA-auto  e36a6752  Dec 31 2030  Atos TrustedRoot 2011
CA-auto  3bde41ac  Dec 31 2030  Autoridad de Certificacion Firmapr~l CIF A62634068
CA-auto  653b494a  May 12 2025  Baltimore CyberTrust Root
CA-auto  54657681  Oct 26 2040  Buypass Class 2 Root CA
CA-auto  e8de2f56  Oct 26 2040  Buypass Class 3 Root CA
CA-auto  2ae6433e  Jul 19 2042  CA Disig Root R2
CA-auto  0b1b94ef  Dec 31 2029  CFCA EV ROOT
CA-auto  40547a79  Dec 31 2029  COMODO Certification Authority
CA-auto  eed8c118  Jan 18 2038  COMODO ECC Certification Authority
CA-auto  d6325660  Jan 18 2038  COMODO RSA Certification Authority
--More-- (17% of 10619 bytes)
Remove certificate by label/hash:
example:/#> no cert
Use the force parameter to avoid questions:
example:/#> no cert force
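Auditing the show cert listing for expiry, as an added example that is not part of the original page or of WeOS: the script parses the default (non-full) TYPE/HASH/EXPIRES/NAME table captured from a CLI session and reports certificates that have expired or expire within a warning window. The function names, the 180-day window and the assumption that HASH is always eight hex digits or N/A are choices made for this example; the sample rows are copied from the listing above.

```python
"""Audit captured WeOS `show cert` output for expired or expiring entries."""
import re
from datetime import date, datetime, timedelta

# Constructed sample: rows copied from the `show cert` listings on this page.
SAMPLE = """\
example:/#> show cert all
TYPE     HASH      EXPIRES      NAME
CA-auto  157753a5  May 30 2020  AddTrust External CA Root
CA-auto  653b494a  May 12 2025  Baltimore CyberTrust Root
CA-auto  cd8c0d63  Jan  1 2030  N/A
Pub      52ff4f77  Jan 19 2038  zero-12-34-50.local
Key      N/A       N/A          web-default
--More-- (17% of 10619 bytes)
"""

# TYPE, HASH (8 hex digits or N/A), EXPIRES ("Mon D YYYY" or N/A), NAME.
# NAME may contain spaces, so it takes the rest of the line.
ROW = re.compile(
    r"^(?P<type>\S+)\s+(?P<hash>[0-9a-f]{8}|N/A)\s+"
    r"(?P<expires>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}|N/A)\s+(?P<name>.+?)\s*$"
)

def parse_show_cert(text):
    """Return one dict per table row; prompt, header and pager lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        exp = m["expires"]
        expires = None if exp == "N/A" else datetime.strptime(
            " ".join(exp.split()), "%b %d %Y").date()
        rows.append({"type": m["type"], "hash": m["hash"],
                     "expires": expires, "name": m["name"]})
    return rows

def audit(rows, today, warn_days=180):
    """Return (status, hash, name) for expired and soon-to-expire rows."""
    findings = []
    for r in rows:
        if r["expires"] is None:  # rows listed with N/A expiry, e.g. Key
            continue
        if r["expires"] < today:
            findings.append(("EXPIRED", r["hash"], r["name"]))
        elif r["expires"] - today <= timedelta(days=warn_days):
            findings.append(("EXPIRING", r["hash"], r["name"]))
    return findings

if __name__ == "__main__":
    for status, cert_hash, name in audit(parse_show_cert(SAMPLE), date.today()):
        print(f"{status:8} {cert_hash}  {name}")
```

In show cert full output the LABEL column cannot be separated from a NAME containing spaces, so feed the script the default or all form.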