To do...
Display information about one or all
certificate attribute groups
Display information about one or all
certificate attribute-based access
control policies
PKI Configuration Examples
The SCEP plug-in is required when you use the Windows Server as the CA. In this case, when
configuring the PKI domain, you need to use the certificate request from ra command to specify
that the entity requests a certificate from an RA.
The SCEP plug-in is not required when RSA Keon is used. In this case, when configuring a PKI
domain, you need to use the certificate request from ca command to specify that the entity
requests a certificate from a CA.
Requesting a Certificate from a CA Running RSA Keon
The CA server runs RSA Keon in this configuration example.
Network requirements
The device submits a local certificate request to the CA server.
The device acquires the CRLs for certificate verification.
Figure 1-2 Request a certificate from a CA running RSA Keon
Configuration procedure
1)
Configure the CA server
# Create a CA server named myca.
In this example, you need to configure these basic attributes on the CA server at first:
Nickname: Name of the trusted CA.
Use the command...
display pki certificate
attribute-group { group-name |
all }
display pki certificate
access-control-policy
{ policy-name | all }
1-12
Remarks
Available in any view
Available in any view