Certificate Request Polling - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request mode auto
# Set the certificate request mode to auto, and set the certificate revocation password in plain text to
123456.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request mode auto password simple 123456
# Set the certificate request mode to auto, and set the certificate revocation password in plain text to
123456. Configure the system to automatically request a new certificate by using a new key pair 60
days before the old certificate expires.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request mode auto password simple 123456
renew-before-expire 60
Related commands
pki request-certificate
certificate request polling
Use certificate request polling to set the polling interval and the maximum number of attempts to
query certificate request status.
Use undo certificate request polling to restore the defaults.
Syntax
certificate request polling { count count | interval interval }
undo certificate request polling { count | interval }
Default
The polling interval is 20 minutes, and the maximum number of attempts is 50.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
count count: Specifies the maximum number of query attempts. The value range is 1 to 100.
interval interval: Specifies a polling interval in minutes. The value range is 5 to 168.
Usage guidelines
After a PKI entity submits a certificate request, it might take the CA server a while to issue the
certificate if the CA administrator must manually approve the certificate request. During this period,
the PKI entity periodically queries the CA server for the certificate request status. The periodic query
operation stops until the PKI entity obtains the certificate or the maximum number of query attempts
is reached. If the maximum number of query attempts is reached, the certificate request fails.
If the CA server automatically approves certificate requests, the PKI entity can obtain the certificate
immediately after it submits a certificate request. In this case, the PKI entity does not send queries to
the CA server.
Examples
# Set the polling interval to 15 minutes, and the maximum number of query attempts to 40.
403
Advertisement
