Table of Contents
Advertisement
Step
enter its view.
6.
Create a certificate access
control rule.
Displaying and maintaining PKI
Execute display commands in any view.
Task
Display the contents of a certificate.
Display certificate request status.
Display locally stored CRLs in a PKI
domain.
Display certificate attribute group
information.
Display certificate-based access control
policy information.
PKI configuration examples
You can use different software applications, such as Windows server, RSA Keon, and OpenCA, to
act as the CA server.
If you use Windows server or OpenCA, you must install the SCEP add-on for Windows server or
enable SCEP for OpenCA. In either case, when you configure a PKI domain, you must use the
certificate request from ra command to specify the RA to accept certificate requests.
If you use RSA Keon, the SCEP add-on is not required. When you configure a PKI domain, you must
use the certificate request from ca command to specify the CA to accept certificate requests.
Requesting a certificate from an RSA Keon CA server
Network requirements
Configure the PKI entity (the device) to request a local certificate from the CA server.
Figure 79 Network diagram
Command
policy-name
rule [ id ] { deny | permit }
group-name
Command
display pki certificate domain domain-name { ca | local | peer
[ serial serial-num ] }
display pki certificate request-status [ domain domain-name ]
display pki crl domain domain-name
display pki certificate attribute-group [ group-name ]
display pki certificate access-control-policy [ policy-name ]
238
Remarks
access control policy exists.
By default, no certificate access
control rules are configured, and
all certificates can pass the
verification.
You can create multiple access
control rules are for a
certificate-based access control
policy.
Advertisement
Table of Contents
Troubleshooting
