Table of Contents
Advertisement
[Sysname-ikev2-profile-profile1] authentication local pre-share
[Sysname-ikev2-profile-profile1] authentication remote rsa-signature
# Specify PKI domain
[Sysname-ikev2-profile-profile1] certificate domain genl
# Specify IKEv2 keychain
[Sysname-ikev2-profile-profile1] keychain keychain1
Related commands
display ikev2 profile
certificate domain
keychain
certificate domain
Use
certificate domain
negotiation.
Use
undo certificate domain
negotiation.
Syntax
certificate domain domain-name [ sign | verify ]
undo certificate domain domain-name
Default
PKI domains configured in system view are used for signature authentication.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
domain-name
: Uses the local certificate in the PKI domain to generate a signature.
sign
: Uses the CA certificate in the PKI domain to verify the remote end's certificate.
verify
Usage guidelines
If you do not specify the
purposes. You can specify a PKI domain for each purpose by executing this command
verify
multiple times. If you specify the same PKI domain for both purposes, the later configuration takes
effect. For example, if you execute
domain abc verify
If the local end uses RSA, DSA, or ECDSA signature authentication, you must specify a PKI domain
for signature generation. If the remote end uses RSA, DSA, or ECDSA signature authentication, you
must specify a PKI domain for verifying the remote end's certificate. If you do not specify PKI
domains, the PKI domains configured in system view will be used.
Examples
# Create an IKEv2 profile named profile1.
as the PKI domain for obtaining certificates.
genl
keychain1
(IKEv2 profile view)
(IKEv2 profile view)
to specify a PKI domain for signature authentication in IKEv2
: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.
or
sign
successively, the PKI domain abc will be used only for verification.
.
to remove a PKI domain for signature authentication in IKEv2
keyword, the PKI domain is used for both
verify
certificate domain abc sign
4
and
sign
and
certificate
Advertisement
Chapters
Table of Contents
