3Com Router 3000 Ethernet Family
Configuration Guide
Restore the default request mode
By default, manual mode is selected.
9.2.9 Delivering a Certificate Request Manually
A certificate request completes with user public key and other registered information.
All configured, you can deliver the certificate request to a PKI RA.
Perform the following configuration in system view.
Table 9-20 Deliver a certificate request
Deliver a certificate request.
Caution:
If a local certificate already exists, certificate request operation is disallowed to
eliminate inconsistency between certificate and registration information resulted
from configuration change. To request a new certificate, you should first delete the
existing local certificate and all the CA certificates locally stored using the pki delete
certificate command.
If you cannot send certificate request to CA using SCEP, you can select the
parameter pkcs10 to print out the request information, copy it and send one to CA in
out-of-band mode.
Before you deliver the certificate request, make sure the clocks of entity and CA are
synchronous. Otherwise, fault occurs to the certificate validation period.
This operation will not be saved.
9.2.10 Retrieving a Certificate Manually
Certificate retrieval serves two purposes: store locally the certificate related to local
security domain to improve query efficiency; prepare for certificate validation.
When downloading a digital certificate, select the local keyword for a local certificate
and ca keyword for a CA certificate.
Perform the following configuration in system view.
Operation
Operation
3Com Corporation
9-13
Chapter 9 PKI Configuration
Command
undo certificate request mode
Command
pki
request-certificate
domain-name [ password ] [ pkcs10
[ filename filename ] ]
domain