ALx3LJijB3d/ndKpcHT/DfbJVDCn5gdw32tBZyCkEwMHZN3ol2z7Nmdcu5TED6iN8
4m+hfp1QWoV6lty3o9pxAXuQl8peUDcfN6WV3LBXYyl1WCtkLkECAwEAAaAAMA0G
CSqGSIb3DQEBBAUAA4GBAA8E7BaIdmT6NVCZgv/I/1tqZH3TS4e4H9Qo5NiCKiEw
R8owVmA0XVtGMbyqBNcDTG0f5NbHrXZQT5+MbFJOnm5K/mn1ro5TJKMTKV46PlCZ
JUjsugaY02GBY0BVcylpC9iIXLuXNIqjh1MBIqVsa1lQOHS7YMvnop6hXAQlkM4c
-----END NEW CERTIFICATE REQUEST-----
# Request the local certificates.
[Sysname] pki request-certificate domain openca
Start to request the general certificate ...
…
Request certificate of domain openca successfully
Related commands
display pki certificate
pki retrieve-certificate
Use pki retrieve-certificate to obtain a certificate from the certificate distribution server.
Syntax
pki retrieve-certificate domain domain-name { ca | local | peer entity-name }
Views
System view
Predefined user roles
network-admin
Parameters
domain domain-name: Specifies the name of a PKI domain, a case-insensitive string of 1 to 31
characters.
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer entity-name: Specifies a peer entity by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
In online mode, you can obtain the CA certificate through the SCEP protocol. If a CA certificate already
exists locally, do not obtain the CA certificate again. To obtain a new one, use the pki delete-certificate
command to remove the CA certificate and local certificates, and then obtain the CA certificate again.
In online mode, you can obtain local certificates or peer certificates through the LDAP protocol. If a PKI
domain already has local certificates or peer certificates, you can still perform the obtain operation and
the obtained local certificates or peer certificates overwrite the existing ones. If RSA is used, a PKI
domain can have two local certificates, one for signing and the other for encryption. Certificates for
different purposes do not overwrite each other.
213
To Next Page
Loading...
Need help?
General
