Prerequisites
A PKI domain has been created and configured. For details, see 12.4 Configuring a PKI
Domain.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
pki enroll-certificate pki-realm-name [ pkcs10 [ filename filename ] ]
Manual certificate enrollment is configured.
If pkcs10 is specified, the entity applies to a CA for a certificate offline: it saves the
certificate request in a file in PKCS#10 format and sends the file to the CA
out-of-band.
If pkcs10 is not specified, the entity applies to a CA for a certificate online.
Step 3 (Optional) Run:
pki get-certificate { ca | local } pki-realm-name
A certificate is obtained.
When a certificate is enrolled manually, the CA certificate and local certificate are downloaded
and saved in the default path automatically. If the CA certificate or local certificate is deleted
unexpectedly, run the pki get-certificate command to obtain the CA certificate or device
certificate again.
----End
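Added example, not part of the Huawei guide: because the PKCS#10 file from Step 2 reaches the CA out-of-band, the receiving side can check that it parses, that its self-signature verifies, and that its SHA-256 fingerprint matches the value the device administrator reads back. It assumes the OpenSSL command-line tool and an RSA key; the function names and the 2048-bit default are illustrative and do not come from the guide.

```shell
#!/bin/sh
# Added example: check a PKCS#10 request file received out-of-band before it is
# given to the CA. Assumes the OpenSSL CLI is installed and the key is RSA.

# csr_form FILE -> prints the encoding OpenSSL can parse (PEM or DER), else fails
csr_form() {
    for f in PEM DER; do
        if openssl req -in "$1" -inform "$f" -noout >/dev/null 2>&1; then
            echo "$f"
            return 0
        fi
    done
    return 1
}

# csr_fingerprint FILE -> SHA-256 of the DER encoding, to read back to the
# device administrator over a separate channel
csr_fingerprint() {
    form=$(csr_form "$1") || return 1
    openssl req -in "$1" -inform "$form" -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_csr FILE MIN_BITS -> 0 when the request parses, its self-signature
# verifies and the public key has at least MIN_BITS bits
check_csr() {
    form=$(csr_form "$1") || { echo "not a PKCS#10 request: $1" >&2; return 2; }
    # Match the message text rather than trusting the exit status alone
    openssl req -in "$1" -inform "$form" -noout -verify 2>&1 |
        grep -q 'verify OK' || { echo "self-signature invalid" >&2; return 3; }
    bits=$(openssl req -in "$1" -inform "$form" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge "$2" ] || { echo "key ${bits:-?} bits < $2" >&2; return 4; }
    echo "OK $(openssl req -in "$1" -inform "$form" -noout -subject)" \
         "sha256=$(csr_fingerprint "$1")"
}

# Usage: sh check_csr.sh REQUEST_FILE [MIN_BITS]
if [ $# -ge 1 ]; then
    check_csr "$1" "${2:-2048}"
fi
```

A request that passes these checks has only been shown to be intact and self-consistent; the CA operator still confirms the subject and fingerprint with the device administrator before issuing.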
12.5.3 Configuring Automatic Certificate Enrollment and Update
When certificates are unavailable, are about to expire, or have expired, an entity automatically
requests a new certificate or renews the certificate using the Simple Certificate Enrollment
Protocol (SCEP).
Prerequisites
A PKI domain has been created and configured. For details, see 12.4 Configuring a PKI
Domain.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
pki realm realm-name
A PKI domain is configured.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 12 PKI Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.