tlsconfig
Syntax
tlsconfig [-sfo]
tlsconfig [-f file] [-sfo]
tlsconfig -r [-q]
tlsconfig -e [-f file]
tlsconfig -d [-i index] [-q]
tlsconfig -x [-i index] [-f file] [-t DER | PEM] [-sfo]
tlsconfig -k [none | peer] [-o hostname | none]
tlsconfig -c [list | cipher-list]
tlsconfig -v [auto | 1.0 | 1.1 | 1.2]
Description
Displays and modifies TLS connection settings and certificates.
Options
-sfo
- Displays information in standard format output.
-f file
- Displays X509 information from a PEM or DER-formatted file.
-r
- Resets the TLS configuration to platform defaults and deletes the certificate.
-q
- Suppresses the confirmation prompt.
-e
- Enrolls an X509 file into the TLS certificates database.
-d
- Deletes a TLS certificate.
-i
- Selects a TLS certificate.
-x
- Exports a TLS certificate.
-t
- Specifies the file format of the exported certificate.
-k
- When none is specified, certificate validation for every TLS connection is disabled. When peer is specified, certificate validation for every TLS connection is enabled.
-o
- When none is specified, host name checking for certificate validation on every TLS connection is disabled. When hostname is specified, host name checking for certificate validation on every TLS connection is enabled.
-c
- Specifies or shows which ciphers are allowed for TLS connections.
-v
- Specifies which TLS protocol version to use. The auto setting negotiates the highest version supported by both the TLS server and the client.
Usage
This command affects pre-boot features that use HTTPS functionality, such as HTTPS boot, and UEFI Shell commands, such as webclient.
Examples
To display all TLS settings and the certificates:
Shell> tlsconfig
To display detailed information from an X509 file:
Shell> tlsconfig -f abc.der
To display detailed information from an X509 file located on an HTTP server:
Shell> tlsconfig -f http://www.example.com/CERT/abc.der
To enroll an X509 file in the TLS certificate database from a file:
Shell> tlsconfig -e -f abc.der
To enroll an X509 file in the TLS certificate database from a file on the network:
Shell> tlsconfig -e -f http://www.example.com/CERT/abc.der
To delete the first TLS certificate without a confirmation prompt:
Shell> tlsconfig -d -i 1 -q
To display the TLS certificates in PEM format:
Shell> tlsconfig -x
To export the third TLS certificate in DER format to a file named abc.crt:
Shell> tlsconfig -x -i 3 -f abc.crt -t DER
To export the third TLS certificate in DER format to a file named abc.crt on an HTTP server:
Shell> tlsconfig -x -i 3 -f http://www.example.com/CERT/abc.crt -t DER
To specify TLS cipher algorithms:
Shell> tlsconfig -c AES128-SHA256:AES256-SHA256
To show TLS supported ciphers:
Shell> tlsconfig -c list
To enable certificate validation with host name checking on TLS connections:
Shell> tlsconfig -k PEER -o HOSTNAME
To specify that TLS v1.2 protocol version is used:
Shell> tlsconfig -v 1.2
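The following Python script is an added example, not part of this command reference: it reviews the tlsconfig lines of a UEFI Shell script and reports settings that weaken TLS (validation or host name checking set to none, TLS 1.0/1.1, enrollment from a plain-HTTP URL, cipher suites without forward secrecy or AEAD). The function names parse_args and audit are hypothetical, the policy is this example's own, option values are compared case-insensitively because the examples above use both peer and PEER, and cipher names are assumed to follow the OpenSSL-style naming seen in AES128-SHA256.

```python
import re

# Policy below is this example's assumption, not vendor guidance.
LEGACY_VERSIONS = {"1.0", "1.1"}  # deprecated by RFC 8996
VALUE_FLAGS = {"-f", "-i", "-t", "-k", "-o", "-c", "-v"}  # flags followed by a value

# Constructed sample script; the URL is the one used in the examples above.
SAMPLE = """\
Shell> tlsconfig -e -f http://www.example.com/CERT/abc.der
Shell> tlsconfig -k none
Shell> tlsconfig -c AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256
Shell> tlsconfig -v 1.1
Shell> tlsconfig -k PEER -o HOSTNAME
"""

def parse_args(line):
    """Return {flag: value or None} for a tlsconfig line; {} for any other line."""
    tokens = re.sub(r"^\s*Shell>\s*", "", line).split()
    if not tokens or tokens[0].lower() != "tlsconfig":
        return {}
    args, i = {}, 1
    while i < len(tokens):
        flag, value = tokens[i].lower(), None
        if flag in VALUE_FLAGS and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            value, i = tokens[i + 1], i + 1
        args[flag] = value
        i += 1
    return args

def audit(script):
    """Return [(line_number, finding)] for weak settings in the script's tlsconfig calls."""
    findings = []
    for n, line in enumerate(script.splitlines(), 1):
        args = parse_args(line)
        val = lambda flag: (args.get(flag) or "").lower()
        checks = [
            (val("-k") == "none", "certificate validation disabled (-k none)"),
            (val("-o") == "none", "host name checking disabled (-o none)"),
            (val("-v") in LEGACY_VERSIONS, "legacy TLS protocol version pinned (-v)"),
            ("-e" in args and val("-f").startswith("http://"), "certificate enrolled from a plain-HTTP URL"),
        ]
        findings += [(n, msg) for hit, msg in checks if hit]
        suites = [] if val("-c") in ("", "list") else args["-c"].upper().split(":")
        for s in suites:
            if not s.startswith(("ECDHE-", "DHE-")):
                findings.append((n, f"{s}: no forward secrecy"))
            if "GCM" not in s and "CHACHA20" not in s:
                findings.append((n, f"{s}: not an AEAD suite"))
    return findings
```

Calling audit(SAMPLE) returns five findings on lines 1 to 4 and none for the final line, which matches the validation example above.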