Displaying and maintaining PKI
To do...
Display the contents or request
status of a certificate
Display CRLs
Display information about
certificate attribute groups
Display information about
certificate attribute-based access
control policies
PKI configuration examples
CAUTION:
•
When the CA uses Windows Server, the SCEP add-on is required, and you must use the certificate
request from ra command to specify that the entity request a certificate from an RA.
When the CA uses RSA Keon, the SCEP add-on is not required, and you must use the certificate request
•
from ca command to specify that the entity request a certificate from a CA.
Requesting a certificate from a CA server running RSA Keon
Network requirements
•
The switch submits a local certificate request to the CA server.
The switch acquires the CRLs for certificate verification.
•
Figure 96 Request a certificate from a CA server running RSA Keon
Host
Configuration procedure
Configure the CA server
1.
# Create a CA server named myca.
Use the command...
display pki certificate { { ca | local }
domain domain-name |
request-status } [ | { begin |
exclude | include }
regular-expression ]
display pki crl domain
domain-name [ | { begin | exclude
| include } regular-expression ]
display pki certificate
attribute-group { group-name |
all } [ | { begin | exclude |
include } regular-expression ]
display pki certificate
access-control-policy { policy-name
| all } [ | { begin | exclude |
include } regular-expression ]
PKI entity
Internet
Device
CA server
251
Remarks
Available in any view
Available in any view
Available in any view
Available in any view