To do…: Create a certificate attribute-based access control policy and enter its view
Use the command…: pki certificate access-control-policy policy-name
Remarks: Required. No access control policy exists by default.

To do…: Configure a certificate attribute-based access control rule
Use the command…: rule [ id ] { deny | permit } group-name
Remarks: Required. No access control rule exists by default.
CAUTION:
A certificate attribute group must exist before it can be associated with a rule.
Displaying and maintaining PKI
To do…: Display the contents or request status of a certificate
Use the command…: display pki certificate { { ca | local } domain domain-name | request-status } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do…: Display CRLs
Use the command…: display pki crl domain domain-name [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do…: Display information about one or all certificate attribute groups
Use the command…: display pki certificate attribute-group { group-name | all } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

To do…: Display information about one or all certificate attribute-based access control policies
Use the command…: display pki certificate access-control-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view
PKI configuration examples
CAUTION:
• The SCEP add-on is required when you use the Windows Server as the CA. In this case, when configuring the PKI domain, you need to use the certificate request from ra command to specify that the entity requests a certificate from an RA.
• The SCEP add-on is not required when RSA Keon is used. In this case, when configuring a PKI domain, you need to use the certificate request from ca command to specify that the entity requests a certificate from a CA.
Unless otherwise noted, devices in the configuration examples are operating in non-FIPS mode.
Requesting a certificate from a CA running RSA Keon