Displaying and maintaining PKI
To do: Display the contents or request status of a certificate
Use the command: display pki certificate { { ca | local } domain domain-name | request-status } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do: Display CRLs
Use the command: display pki crl domain domain-name [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do: Display information about certificate attribute groups
Use the command: display pki certificate attribute-group { group-name | all } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do: Display information about certificate attribute-based access control policies
Use the command: display pki certificate access-control-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

PKI configuration examples
CAUTION:
• When the CA uses Windows Server, the SCEP add-on is required, and you must use the certificate request from ra command to specify that the entity request a certificate from an RA.
• When the CA uses RSA Keon, the SCEP add-on is not required, and you must use the certificate request from ca command to specify that the entity request a certificate from a CA.
Requesting a certificate from a CA server running RSA Keon
Network requirements
• The switch submits a local certificate request to the CA server.
• The switch acquires the CRLs for certificate verification.
Figure 96 Request a certificate from a CA server running RSA Keon
[Network diagram; labels: CA server, Internet, Host, Device, PKI entity]
Configuration procedure
1. Configure the CA server
# Create a CA server named myca.