77
# Specify the pre-shared key and RSA signatures as the local and remote authentication methods,
respectively.
[Sysname-ikev2-profile-profile1] authentication local pre-share
[Sysname-ikev2-profile-profile1] authentication remote rsa-signature
# Specify the PKI domain genl as the PKI domain for obtaining certificates.
[Sysname-ikev2-profile-profile1] certificate domain genl
# Specify the keychain keychain1.
[Sysname-ikev2-profile-profile1] keychain keychain1
Related commands
display ikev2 profile
certificate domain (IKEv2 profile view)
keychain (IKEv2 profile view)
New command: certificate domain
Use certificate domain to specify a PKI domain for signature authentication in IKEv2 negotiation.
Use undo certificate domain to remove a PKI domain for signature authentication in IKEv2
negotiation.
Syntax
certificate domain domain-name [ sign | verify ]
undo certificate domain domain-name
Default
PKI domains configured in system view are used.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.
sign: Uses the local certificate in the PKI domain to generate a signature.
verify: Uses the CA certificate in the PKI domain to verify the remote end's certificate.
Usage guidelines
If you do not specify the sign or verify keyword, the PKI domain is used for both sign and verify
purposes. You can specify a PKI domain for each purpose by executing this command multiple times.
If you specify the same PKI domain for both purposes, the later configuration takes effect. For
example, if you execute certificate domain abc sign and certificate domain abc verify
successively, the PKI domain abc will be used only for verification.
To Next Page
Loading...
Need help?
General
