Aborting a certificate request, Obtaining certificates – H3C Technologies H3C S6300 Series Switches User Manual

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter PKI domain view. | pki domain domain-name | N/A |
| 3. Set the certificate request mode to manual. | certificate request mode manual | By default, the manual request mode applies. |
| 4. Return to system view. | quit | N/A |
| 5. Obtain the CA certificate. | See "Obtaining certificates." | N/A |
| 6. Submit a certificate request or generate a certificate request in PKCS#10 format. | pki request-certificate domain domain-name [ password password ] [ pkcs10 [ filename filename ] ] | This command is not saved in the configuration file. Executing the command triggers the PKI entity to automatically generate a key pair according to the key name, algorithm and length defined in the PKI domain if the key pair specified in the PKI domain does not exist. |

Aborting a certificate request

Before the CA issues a certificate, you can abort a certificate request to change some parameters, such as the common name, country code, and FQDN, in the certificate request. You can use display pki certificate request-status to display the certificate request status.

Alternatively, you can remove the PKI domain to abort the certificate request.

To abort a certificate request:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Abort a certificate request. | pki abort-certificate-request domain domain-name | This command is not saved in the configuration file. |
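A wrong common name or country code is cheaper to catch in the PKCS#10 file than after submission. The following Python code is an added example, not taken from the H3C manual: it reads the subject of a PKCS#10 request in PEM or DER form and reports attributes that differ from the intended values. The function names and the sample are constructed for illustration; the sample carries only the version and subject, and the FQDN and the request signature are not checked.

```python
import base64

OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C"}  # DER OID bytes: 2.5.4.3, 2.5.4.6

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yields (tag, value) for each element nested in value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def csr_subject(data):
    """Return subject attributes of a PKCS#10 request given as PEM or DER."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = b"".join(l for l in data.splitlines() if not l.startswith(b"-----"))
        data = base64.b64decode(body)
    _, request, _ = read_tlv(data, 0)              # CertificationRequest
    _, info = next(children(request), (0, b""))    # CertificationRequestInfo
    fields = list(children(info))                  # version, subject, key, attributes
    if len(fields) < 2 or fields[0][0] != 0x02 or fields[1][0] != 0x30:
        raise ValueError("not a PKCS#10 CertificationRequestInfo")
    subject = {}
    for _, rdn in children(fields[1][1]):          # Name: SEQUENCE OF RDN (SET)
        for _, pair in children(rdn):              # AttributeTypeAndValue
            (_, oid), (_, val) = list(children(pair))[:2]
            subject[OIDS.get(oid, oid.hex())] = val.decode("utf-8", "replace")
    return subject

def mismatches(subject, expected):
    """Map each differing attribute to (value in request, value expected)."""
    return {k: (subject.get(k), v) for k, v in expected.items() if subject.get(k) != v}

def der(tag, body):  # short-form encoder, used only to build the constructed sample
    return bytes([tag, len(body)]) + body

SAMPLE = der(0x30, der(0x30, der(0x02, b"\x00") + der(0x30,
    der(0x31, der(0x30, der(0x06, b"\x55\x04\x06") + der(0x13, b"US"))) +
    der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, b"switch1.example.com"))))))
```

An empty result from mismatches(csr_subject(data), expected) means the listed attributes match; any entry it returns is a reason to abort the request and correct the PKI entity before submitting again.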

Obtaining certificates

You can obtain the CA certificate, local certificates, and peer certificates related to a PKI domain from a CA and save them locally for higher lookup efficiency. To do so, use either the offline mode or the online mode:

• In offline mode, obtain the certificates by an out-of-band means like FTP, disk, or email, and then import them locally. This mode is suitable for the scenario where the CRL repository is not specified, the CA server does not support SCEP, or the CA server generates the key pair for the certificates.

• In online mode, you can obtain the CA certificate through SCEP and obtain local certificates or peer certificates through LDAP.