Usage guidelines
A certificate request can be submitted to a CA in offline or online mode. In online mode, a certificate
request can be automatically or manually submitted:
• Auto request mode—A PKI entity automatically obtains the CA certificate and submits a certificate
request to the registration acceptance authority when an associated application performs identity
authentication. You can set a password for certificate revocation if the CA server policy requires.
• Manual request mode—You must manually obtain the CA certificate and submit certificate
requests.
For secrecy, all keys, including keys configured in plain text, are saved in cipher text.
Examples
# Set the certificate request mode to auto.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request mode auto
# Set the certificate request mode to auto, and set a plaintext password for certificate revocation to
1234 56 .
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request mode auto password simple 123456
Related commands
pki request-certificate
certificate request polling
Use certificate request polling to set the polling interval and the maximum number of attempts for
querying certificate request status.
Use undo certificate request polling to restore the defaults.
Syntax
certificate request polling { count count | interval minutes }
undo certificate request polling { count | interval }
Default
The polling interval is 20 minutes, and the maximum number of attempts is 50.
Views
PKI domain view
Predefined user roles
network-admin
176
To Next Page
Loading...
Need help?
General
