Step                                         Command                                                      Remarks
4. Return to system view.                    quit                                                         N/A
5. Retrieve the CA certificate.              See "Retrieving a certificate manually"                      N/A
6. Verify the validity of the certificate.   pki validate-certificate { ca | local } domain domain-name   N/A
 
Destroying a local RSA key pair 
A certificate has a lifetime, which is determined by the CA. When the private key is leaked or the certificate is about to expire, you can destroy the old RSA key pair and then create a new pair to request a new certificate.
To destroy a local RSA key pair:  
 
Step                                Command
1. Enter system view.               system-view
2. Destroy a local RSA key pair.    public-key local destroy rsa
 
For more information about the public-key local destroy command, see Security Command Reference.

Deleting a certificate
When a certificate requested manually is about to expire or you want to request a new certificate, you 
can delete the current local certificate or CA certificate. 
To delete a certificate:  
 
Step                       Command
1. Enter system view.      system-view
2. Delete certificates.    pki delete-certificate { ca | local } domain domain-name
 
Configuring an access control policy 
By configuring a certificate attribute access control policy, you can further control access to the server, 
providing additional security for the server. 
To configure a certificate attribute access control policy: 
 
Step                                                          Command                                      Remarks
1. Enter system view.                                         system-view                                  N/A
2. Create a certificate attribute group and enter its view.   pki certificate attribute-group group-name   No certificate attribute group exists by default.