CLD Help for CA Commands lists Subject DN out of order on USG60W - probably others

danyedinak Posts: 51  Ally Member
edited April 2021 in Security
In shell, issuing the following command:
    ca generate x509 name certname cn-type ip cn 123.123.123.123 ?
yields the following help:
    c
    key-type
    l
    o
    ou
    s
    usr-def
However, if you try to create a certificate or request in this order, it generates the following error:

    % (after '"<something>"'): Parse error
    retval = -1
    ERROR: Parse error/command not found!

The correct sequence is:

    ou
    o
    l
    s
    c
    key-type
    usr-def
Two things would really help in the command line help here:
  1. List the Subject DNs in the correct order/sequence.
  2. Add a hint to what the DN code is. For example, typing:
    ca generate x509 name <name> cn-type ip cn <ipv4address> ?
    currently generates the help:
    "<name>"
    <name>
    which does not help illuminate what the letter designation is. I'd rather see something useful like:
    "<country_name>"
    <country_name>
Obviously I have figured this out, and others likely have, too, but it would have saved a ton of time, and will be helpful during those long, late night episodes when the brain is already foggy.

Comments

  • Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Hi @danyedinak,
    Thanks for your suggestion. The CLI order will mislead users when generating a certificate; moreover, the CLI help does not show useful information to the user.
    I will write feedback to the internal team.

