The following displays the CLI syntax for a TLS trust anchor:
config>system>security>pki
[no] ca-profile
certificate-display-format
[no] certificate-expiration-warning hours
[no] crl-expiration-warning
[no] maximum-cert-chain-depth
config>system>security>tls
[no] trust-anchor-profile
[no] client-tls-profile
[no] cipher-list
[no] shutdown
[no] trust-anchor-profile-profile
The following displays a TLS trust anchor configuration example:
*B:SeGW-1>config>system>security>pki# info
----------------------------------------------
ca-profile ‟tls-server-1-ca" create
cert-file ‟tls-1-Root-CERT"
crl-file ‟tls-1-CRL-CERT‟
no shutdown
exit
----------------------------------------------
*A:SwSim8>config>system>security>tls# info
----------------------------------------------
trust-anchor-profile "server-1-ca" create
trust-anchor "tls-server-1-ca"
exit
client-tls-profile "server-1-profile" create
cipher-list "to-active-server"
trust-anchor-profile ‟server-1-ca‟
no shutdown
exit