To do...
Display information about one
or all certificate attribute-based
access control policies
PKI Configuration Examples
The SCEP plug-in is required when you use the Windows Server as the CA. In this case, when
configuring the PKI domain, you need to use the certificate request from ra command to specify
that the entity requests a certificate from an RA.
The SCEP plug-in is not required when RSA Keon is used. In this case, when configuring a PKI
domain, you need to use the certificate request from ca command to specify that the entity
requests a certificate from a CA.
Requesting a Certificate from a CA Running RSA Keon
The CA server runs RSA Keon in this configuration example.
Network requirements
The device submits a local certificate request to the CA server.
The device acquires the CRLs for certificate verification.
Figure 10-2 Request a certificate from a CA running RSA Keon
Configuration procedure
1)
Configure the CA server
# Create a CA server named myca.
In this example, you need to configure these basic attributes on the CA server at first:
Nickname: Name of the trusted CA.
Use the command...
display pki certificate
access-control-policy
{ policy-name | all }
10-13
Remarks
Available in any view