EasyManuals Logo

H3C MSR Series Command Reference

H3C MSR Series
1187 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #517 background imageLoading...
Page #517 background image
494
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer entity-name: Specifies a peer entity by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
In online mode:
You can obtain the CA certificate through the SCEP protocol. If a CA certificate already exists
locally, do not obtain the CA certificate again. To obtain a new CA certificate, use the pki
delete-certificate command to remove the CA certificate and local certificates, and then obtain
the CA certificate again.
You can obtain local certificates or peer certificates through the LDAP protocol. If a PKI domain
already has local certificates or peer certificates, you can still perform the obtain operation and
the obtained local certificates or peer certificates overwrite the existing ones. If RSA is used, a
PKI domain can have two local certificates, one for signing and the other for encryption.
Certificates for different purposes do not overwrite each other.
The obtained CA certificate, local certificates, and peer certificates are automatically verified before
they are saved locally. If the verification fails, they are not saved.
This command is not saved in the configuration file.
Examples
# Obtain the CA certificate from the certificate distribution server. (This operation requires the user to
confirm the fingerprint of the CA root certificate.)
<Sysname> system-view
[Sysname] pki retrieve-certificate domain aaa ca
The trusted CA's finger print is:
MD5 fingerprint:5C41 E657 A0D6 ECB4 6BD6 1823 7473 AABC
SHA1 fingerprint:1616 E7A5 D89A 2A99 9419 1C12 D696 8228 87BC C266
Is the finger print correct?(Y/N):y
# Obtain the local certificates from the certificate distribution server.
<Sysname> system-view
[Sysname] pki retrieve-certificate domain aaa local
# Obtain the certificate of peer entity en1 from the certificate distribution server.
<Sysname> system-view
[Sysname] pki retrieve-certificate domain aaa peer en1
Related commands
display pki certificate
pki delete-certificate
pki retrieve-crl
Use pki retrieve-crl to obtain CRLs and save them locally.
Syntax
pki retrieve-crl domain domain-name
Views
System view

Table of Contents

Other manuals for H3C MSR Series

Preview: Manual
Manual33 pages
Preview: Probe Command Reference
Probe Command Reference28 pages
Preview: Configuration Guide
Configuration Guide80 pages
Preview: Troubleshooting Guide
Troubleshooting Guide28 pages
Preview: User Guide
User Guide26 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General IconGeneral
CategoryNetwork Router
IPv6 SupportYes
DimensionsVaries by model
WeightVaries by model
Product TypeModular Router
PortsVaries by model
WAN InterfacesVaries by model
FirewallYes
QoSYes
Wireless SupportVaries by model
USB PortsVaries by model
Console PortYes
Power SupplyVaries by model
RedundancyVaries by model
Operating Temperature0°C to 45°C
Storage Temperature-40°C to 70°C
Humidity5% to 95% non-condensing
SeriesMSR
CertificationsCE, FCC, RoHS

Related product manuals