248
An independent RA is recommended as the authority to accept certificate requests.
Examples
# Specify the RA to accept certificate requests.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request from ra
certificate request mode
Use certificate request mode to set the certificate request mode.
Use undo certificate request mode to restore the default.
Syntax
certificate request mode { auto [ password { cipher | simple } password ] | manual }
undo certificate request mode
Default
The certificate request mode is manual.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
auto: Specifies the certificate request mode as auto.
password: Specifies a password for certificate revocation.
cipher: Sets a ciphertext password for certificate revocation.
simple: Sets a plaintext password for certificate revocation.
password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be
a string of 1 to 31 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
manual: Specifies the certificate request mode as manual.
Usage guidelines
A certificate request can be submitted to a CA in offline or online mode. In online mode, a certificate
request can be automatically or manually submitted:
• Auto request mode—A PKI entity automatically obtains the CA certificate and submits a certificate
request to the registration acceptance authority when an associated application, for example, IKE,
performs identity authentication. You can set a password for certificate revocation if the CA server
policy requires one.
• Manual request mode—You must manually obtain the CA certificate and submit certificate
requests.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
To Next Page
Loading...
Need help?
General
