193
entity automatically submits a certificate request and saves the certificate locally after obtaining it from
the CA.
A CA certificate must be present before you request a local certificate. If no CA certificate exists in the PKI
domain, the PKI entity automatically obtains a CA certificate before sending a certificate request.
To configure automatic certificate request:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter PKI domain view.
pki domain domain-name N/A
3. Set the certificate request
mode to auto.
certificate request mode auto [ password
{ cipher | simple } password ]
By default, the manual
request mode applies.
In auto request mode, set a
password for certificate
revocation as required by
the CA policy.
Manually requesting a certificate
Before you manually submit a certificate request, make sure the CA certificate exists and a key pair is
specified for the PKI domain:
• The CA certificate is used to verify the authenticity and validity of the obtained local certificate.
• The key pair is used for certificate request. Upon receiving the public key and the identity
information, the CA signs and issues a certificate.
After the CA issues the certificate, the device obtains and saves it locally.
To manually request a certificate:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter PKI domain view.
pki domain domain-name N/A
3. Set the certificate request
mode to manual.
certificate request mode manual
By default, the manual request
mode applies.
4. Return to system view.
quit N/A
5. Obtain the CA
certificate.
See "Obtaining certificates." N/A
6. Submit a certificate
request or generate a
certificate request in
PKCS#10 format.
pki request-certificate domain
domain-name [ password password ]
[ pkcs10 [ filename filename ] ]
This command is not saved in the
configuration file.
This command triggers the PKI
entity to automatically generate
a key pair if the key pair
specified in the PKI domain does
not exist. The name, algorithm,
and length of the key pair are
configured in the PKI domain.
To Next Page
Loading...
Need help?
General
