No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display pki realm

display pki realm

Function

The display pki realm command displays PKI realm information.

Format

display pki realm [ realm-name ]

Parameters

Parameter Description Value
realm-name

Displays the detailed information about a PKI realm.

If the parameter is left blank, information about all PKI realms is displayed.

The PKI realm name must already exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

This command displays details about a PKI realm, including PKI realm name, associated CA, CA certificate subject name, URL of the certificate enrolled through SCEP, PKI entity name, digital fingerprint algorithm of CA certificate, and digital fingerprint of CA certificate.

Example

# Display information about all PKI realms.

<Huawei> display pki realm abc
 Realm Name : abc                                                               
 CA ID: CA_ROOT                                                                 
 CA Name: "/CN=ca_root"                                                         
 Enrollment URL: http://10.136.7.196:8080/certsrv/mscep/mscep.dll               
 Certificate Request Interval(Minutes): 1                                       
 Certificate Request Times: 5                                                   
 Enrollment Mode: RA                                                            
 Enrollment Method: SCEP                                                        
 Entity Name: abc                                                               
 CA Certificate Fingerprint Arithmetic: sha256                                  
 CA Certificate Fingerprint: e71add0744360e91186b828412d279e06dcc15a4ab4bb3d1384
2820396b526a0 
 OCSP Nonce: Enable                                                             
 OCSP URL: -                                                                    
 Method for Getting CRL: HTTP                                                   
 CDP URL: -                                                                     
 Certificate Revocation Check Method: -                                         
 RSA Key Name: abc
 Auto-enroll: Enable 
 Auto-enroll Percent: 100% 
 Auto-enroll Regenerate: Enable
 Auto-enroll Regenerate Key-size: 2048 
 Auto-enroll Updated-effective: Disable 
 Password Cipher: Enable 
 Password: %^%#:,3/YY@~[@(`1DBbZ&o$s`B\@S+3:UT0tF9EzSM:%^%# 
 Crl Update-period(Hours): 8 
 Crl Cache: Enable            
 Key-usage: -  
 Vpn-instance: -  
 Source IP: -
 Enrollment-request Signature Message-digest-method: SHA256
 CA Certificate total number: 0  
 Local Certificate total number: 0 
 OCSP Certificate total number: 0 
 CRL Total Number: 0
                                                                                
 Total Number: 1 
Table 26-102  Description of the display pki realm command output

Item

Description

Realm Name

PKI realm name. It is configured using the pki realm (system view) command.

CA ID

ID of the CA associated with the PKI realm.

CA Name

Subject name of a CA certificate.

Enrollment URL

URL of the certificate enrolled on the SCEP server. It is configured using the enrollment-url command.

Certificate Request Interval(Minutes)

Interval between two certificate enrollment status queries.

Certificate Request Times

Maximum number of certificate enrollment status queries.

Enrollment Mode

Certificate enrollment mode (whether enrolled through RA). It is configured using the enrollment-url command.

Enrollment Method

Certificate enrollment method, including:

  • SCEP: obtains certificate from CA using the SCEP protocol.

  • Self-Signed: obtains certificate using self-signature.

Entity Name

PKI entity name. It is configured using the entity command.

CA Certificate Fingerprint Arithmetic

Fingerprint algorithm of the CA certificate. It is configured using the fingerprint command.

CA Certificate Fingerprint

Digital fingerprint of the CA certificate. It is configured using the fingerprint command.

OCSP Nonce

Whether a nonce extension is added to the OCSP request sent by a PKI entity.
  • Enable: A nonce extension is added to the OCSP request sent by a PKI entity.
  • Disable: A nonce extension is not added to the OCSP request sent by a PKI entity.

It is configured using the ocsp nonce enable command.

OCSP URL

OCSP server's URL. It is configured using the ocsp url command.

Method for Getting CRL

Method of obtaining CRL.
  • SCEP: updates the CRL automatically using SCEP. It is configured using the crl scep command.

  • HTTP: updates the CRL automatically using HTTP. It is configured using the crl http command.

CDP URL

URL of the CDP. It is configured using the cdp-url command.

Crl Cache

Whether the PKI realm is allowed to use the CRL in cache.
  • Enable: The PKI realm is allowed to use the CRL in cache.
  • Disable: The PKI realm is not allowed to use the CRL in cache.

To configure whether to allow the PKI realm to use the CRL in cache, run the crl cache command.

Certificate Revocation Check Method

Certificate status check method. It is configured using the certificate-check command.

RSA Key Name

RSA key. It is configured using the rsa local-key-pair command.

Auto-enroll

Whether automatic certificate enrollment is enabled.
  • Enable: Automatic certificate enrollment is enabled.
  • Disable: Automatic certificate enrollment is disabled.

It is configured using the auto-enroll command.

Auto-enroll Percent

The percentage of the certificate's validity period. It is configured using the auto-enroll command.

Auto-enroll Regenerate

Whether the RSA key pair will be generated during certificate updates.

  • Enable: The RSA key pair will be generated during certificate updates.
  • Disable: The RSA key pair will not be generated during certificate updates.

It is configured using the auto-enroll command.

Auto-enroll Regenerate Key-size

RSA key length. It is configured using the auto-enroll command.

Auto-enroll Updated-effective

Whether the certificate takes effect immediately after being updated.
  • Enable: The certificate takes effect immediately after being updated.
  • Disable: The certificate does not take effect immediately after being updated.

It is configured using the auto-enroll command.

Password Cipher

Whether the challenge password can be used.
  • Enable: The challenge password can be used.
  • Disable: The challenge password cannot be used.

Password

Password used to apply for or revoke a certificate. It is configured using the password (PKI realm view) command.

Crl Update-period(Hours)

CRL update interval. It is configured using the crl update-period command.

Key-usage

Purpose information carried in a certificate request packet. It is configured using the key-usage command.

Vpn-instance

VPN to which the PKI realm is added.

Source IP

Source IP address used by the device to communicate with the PKI server. It is configured using the source command.

Enrollment-request Signature Message-digest-method

Digest method used for the enrollment request packet of signed certificate. It is configured using the enrollment-request signature message-digest-method command.

CA Certificate total number

Total number of CA certificates.

Local Certificate total number

Total number of local certificates.

OCSP Certificate total number

Total number of OCSP certificates.

CRL Total Number

Total number of CRL certificates.

Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 203218

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next