Create SSL keyrings, CA Certificate Lists (CCLs), signing requests, self-signed certificates, and ssl-contexts.
(config)# ssl create ?
Create a CA Certificate List (CCL).
<keyring id>algorithm rsa length
<key_length>showable [yes | no
Create a keyring. Keyrings are containers for SSL certificates and their associated public and private keys on the appliance, and can be used to manage self-signed or CA-signed certificates.
For RSA keys, key length values are 2048, 3072, 4096. Default = 2048.
Create a self-signed certificate associated with the specified keyring. You will be prompted to define values for each of the certificate fields (country, state, and so forth).
(config-ssl)# create ssl-context <context_id> [keyring <keyring_id>] [ccl <ccl_name>] [protocol [ <protocol> ... ]] [cipher-suite [ <cipher-suite> ... ]]
Creates an SSL context with the specified name and (optional) keyring, CCL, protocols and cipher suites.
Create a request for a signed certificate associated with the specified keyring. You must specify all parameters when prompted for 'Value for'subject'
(config)# ssl create keyring sslkey algorithm rsa length 3072 showable no
(config)# ssl create signing-request sslkey subject "C=US,ST=CA,O=Symantec,CN=mc" alternative-names "198.51.100.20, altname2.companyname.com"