Web Server 481crypto certificate generateThe crypto certificate generate Global Configuration mode command generates a HTTPS certificate.Syntax• crypto certificate [number] generate [key-generate [length]] [passphrase string] [cn common-name][or organization] [loc location] [st state] [cu country] [duration days]• number — Specifies the certificate number. If unspecified, defaults to 1. (Range: 1 - 2)• key-generate — Regenerate SSL RSA key.• length — Specifies the SSL RSA key length. If unspecified, length defaults to 1024.(Range: 512 - 2048)• passphrase string — Passphrase that is used for exporting the certificate in PKCS12 file format. Ifunspecified the certificate is not exportable. (Range: 512 - 2048)• cn common-name — Specifies the fully qualified URL or IP address of the device. If unspecified,defaults to the lowest IP address of the device (where the certificate is generated). (Range: 1 - 64)• or organization — Specifies the organization name. (Range: 1 - 64)• loc location — Specifies the location or city name. (Range: 1 - 64)• st state — Specifies the state or province name. (Range: 1 - 64)• cu country — Specifies the country name. (Range: 2 - 2)• duration days — Specifies number of days a certification would be valid. If unspecified defaults to365 days. (Range: 30 - 3650)Default ConfigurationThe Certificate and the SSL RSA key pairs do not exist.Command ModeGlobal Configuration mode.User Guidelines• The command is not saved in the device configuration; however, the certificate and keys generated bythis command are saved in the private configuration, which is never displayed to the user or backed upto another device.• Use this command to generate self-signed certificate for your device.• When you export an RSA key pair to a PKCS#12 file, the RSA key pair is as secure as the passphrase.Therefore, keep the passphrase secure.5400_CLI.book Page 481 Wednesday, December 17, 2008 4:33 PM