To do...
Display information about one
or all certificate attribute groups
Display information about one
or all certificate attribute-based
access control policies
PKI Configuration Examples
The SCEP plug-in is required when you use the Windows Server as the CA. In this case, when
configuring the PKI domain, you need to use the certificate request from ra command to specify
that the entity requests a certificate from an RA.
The SCEP plug-in is not required when RSA Keon is used. In this case, when configuring a PKI
domain, you need to use the certificate request from ca command to specify that the entity
requests a certificate from a CA.
Requesting a Certificate from a CA Running RSA Keon
The CA server runs RSA Keon in this configuration example.
Network requirements
The device submits a local certificate request to the CA server.
The device acquires the CRLs for certificate verification.
Figure 1-2 Request a certificate from a CA running RSA Keon
Configuration procedure
1)
Configure the CA server
# Create a CA server named myca.
Use the command...
display pki certificate
attribute-group { group-name |
all }
display pki certificate
access-control-policy
{ policy-name | all }
1-13
Remarks
Available in any view
Available in any view