entity automatically submits a certificate request and saves the certificate locally after obtaining it from
the CA.
A CA certificate must be present before you request a local certificate. If no CA certificate exists in the PKI
domain, the PKI entity automatically obtains a CA certificate before sending a certificate request.
To configure automatic certificate request:
Step
1.
Enter system view.
2.
Enter PKI domain view.
3.
Set the certificate request
mode to auto.
Manually requesting a certificate
Before you manually submit a certificate request, make sure the CA certificate exists and a key pair is
specified for the PKI domain:
The CA certificate is used to verify the authenticity and validity of the obtained local certificate.
•
The key pair is used for certificate request. Upon receiving the public key and the identity
•
information, the CA signs and issues a certificate.
After the CA issues the certificate, the device obtains and saves it locally.
To manually request a certificate:
Step
1.
Enter system view.
2.
Enter PKI domain view.
3.
Set the certificate request
mode to manual.
4.
Return to system view.
5.
Obtain the CA
certificate.
6.
Submit a certificate
request or generate a
certificate request in
PKCS#10 format.
Command
system-view
pki domain domain-name
certificate request mode auto [ password
{ cipher | simple } password ]
Command
system-view
pki domain domain-name
certificate request mode manual
quit
See
"Obtaining
certificates."
pki request-certificate domain
domain-name [ password password ]
[ pkcs10 [ filename filename ] ]
193
Remarks
N/A
N/A
By default, the manual
request mode applies.
In auto request mode, set a
password for certificate
revocation as required by
the CA policy.
Remarks
N/A
N/A
By default, the manual request
mode applies.
N/A
N/A
This command is not saved in the
configuration file.
This command triggers the PKI
entity to automatically generate
a key pair if the key pair
specified in the PKI domain does
not exist. The name, algorithm,
and length of the key pair are
configured in the PKI domain.