Configuring a TLS trust anchor

The following displays the CLI syntax for a TLS trust anchor:

config>system>security>pki
   [no] ca-profile
   certificate-display-format
   [no] certificate-expiration-warning hours 
   [no] crl-expiration-warning
   [no] maximum-cert-chain-depth

config>system>security>tls
   [no] trust-anchor-profile
   [no] client-tls-profile
      [no] cipher-list
      [no] shutdown
      [no] trust-anchor-profile-profile

The following displays a TLS trust anchor configuration example:

*B:SeGW-1>config>system>security>pki# info
----------------------------------------------
        ca-profile ‟tls-server-1-ca" create
            cert-file ‟tls-1-Root-CERT"
            crl-file ‟tls-1-CRL-CERT‟
            no shutdown
        exit
----------------------------------------------
*A:SwSim8>config>system>security>tls# info
----------------------------------------------
        trust-anchor-profile "server-1-ca" create
            trust-anchor "tls-server-1-ca"
        exit
        client-tls-profile "server-1-profile" create
            cipher-list "to-active-server"
            trust-anchor-profile ‟server-1-ca‟
            no shutdown
        exit