Related commands
• pki import
• public-key local create (see Security Command Reference)
root-certificate fingerprint
Use root-certificate fingerprint to set the fingerprint for verifying the validity of the CA root certificate.
Use undo root-certificate fingerprint to remove the configuration.
Syntax
In non-FIPS mode:
root-certificate fingerprint { md5 | sha1 } string
undo root-certificate fingerprint
In FIPS mode:
root-certificate fingerprint sha1 string
undo root-certificate fingerprint
Default
No fingerprint is set.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
md5: Sets an MD5 fingerprint.
sha1: Sets a SHA1 fingerprint.
string: Sets the fingerprint information in hexadecimal notation. If you specify the MD5 keyword, the fingerprint is a string of 32 characters. If you specify the SHA1 keyword, the fingerprint is a string of 40 characters.
Usage guidelines
If you set the certificate request mode to auto, but the PKI domain does not have a CA certificate, you must use this command to set the fingerprint for verifying the validity of the CA root certificate. When an application triggers the device to request local certificates, the device automatically obtains the CA certificate from the CA server. If the obtained CA certificate contains a CA root certificate that is not stored locally, the device verifies the CA root certificate with the fingerprint. If the PKI domain is not configured with a fingerprint, or is configured with a wrong fingerprint, the local certificate request fails.
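The following Python example, added here and not taken from the command reference or the device software, reproduces the check described above offline: it validates a fingerprint string against the syntax rules and compares it with the digest of a CA root certificate. It assumes the fingerprint is the MD5 or SHA1 digest of the DER-encoded certificate; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Lengths from the Parameters section: MD5 = 32 hex characters, SHA1 = 40.
HEX_LEN = {"md5": 32, "sha1": 40}

# Constructed placeholder bytes, NOT a real certificate: only the hashing and
# comparison steps are demonstrated.
SAMPLE_DER = b"constructed-root-ca-der-bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem):
    """Strip the PEM armor and return the DER bytes that are hashed."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def normalize(algo, configured, fips=False):
    """Check a fingerprint string against the syntax rules; return lowercase hex."""
    if algo not in HEX_LEN:
        raise ValueError("algorithm must be md5 or sha1")
    if fips and algo != "sha1":
        raise ValueError("FIPS mode accepts only sha1")
    # Assumption: drop ':' and spaces so output pasted from other tools
    # reduces to the plain hex string the command expects.
    fp = re.sub(r"[\s:]", "", configured).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], fp):
        raise ValueError("%s fingerprint must be %d hex characters"
                         % (algo, HEX_LEN[algo]))
    return fp

def fingerprint(der, algo):
    """Digest of the DER encoding (assumed to be what the device compares)."""
    return hashlib.new(algo, der).hexdigest()

def verify_root(pem, algo, configured, fips=False):
    """True only on a match; no configured fingerprint means the request fails."""
    if not configured:
        return False
    expected = normalize(algo, configured, fips)
    return hmac.compare_digest(fingerprint(pem_to_der(pem), algo), expected)
```

Obtain the reference fingerprint from the CA administrator over a separate trusted channel; a value computed from the same download it is meant to verify proves nothing.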
When you import the CA certificate using the pki import command or obtain the CA certificate using the pki retrieve command, you can choose whether to set the fingerprint of the CA root certificate. If you