Manually requesting a certificate
Before you manually submit a certificate request, make sure the CA certificate exists and a key pair is specified for the PKI domain.
The CA certificate is used to verify the authenticity and validity of the obtained local certificate.
The key pair is used for the certificate request. Upon receiving the public key and the identity information, the CA signs and issues a certificate.
After the CA issues the certificate, the device obtains and saves it locally.
To manually request a certificate:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter PKI domain view. | pki domain domain-name | N/A |
3. Set the certificate request mode to manual. | certificate request mode manual | By default, the manual request mode applies. |
4. Return to system view. | quit | N/A |
5. Obtain a CA certificate. | See "Obtaining certificates." | N/A |
6. Submit a certificate request or generate a certificate request in PKCS#10 format. | pki request-certificate domain domain-name [ password password ] [ pkcs10 [ filename filename ] ] | This command is not saved in the configuration file. This command triggers the PKI entity to automatically generate a key pair if the key pair specified in the PKI domain does not exist. The name, algorithm, and length of the key pair are configured in the PKI domain. |
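
The following is an added example, not part of the original documentation: offline OpenSSL checks that can be run around step 6. It confirms that a PKCS#10 request carries a valid self-signature with the expected subject and key length, and that the issued local certificate verifies against the CA certificate. The throwaway CA, the file names, the subjects, and the assumption that the request file is PEM-encoded are all constructed for illustration.

```shell
#!/bin/sh
# Added example; every file name, subject and key below is constructed.

# Build a throwaway CA plus a stand-in for the device's key pair and PKCS#10 file.
make_sample() {  # make_sample DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$1/ca.key" -out "$1/ca.cer" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=device1" \
        -keyout "$1/dev.key" -out "$1/req.p10" 2>/dev/null
}

# The request is signed with the private key of the pair it carries; match the
# "verify OK" text because some OpenSSL releases exit 0 even when this fails.
check_request() {  # check_request REQ
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Identity information and key length the CA is being asked to certify.
request_subject() { openssl req -in "$1" -noout -subject; }
request_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Stand-in for the CA: sign the request and return the local certificate.
issue() {  # issue DIR
    openssl x509 -req -in "$1/req.p10" -CA "$1/ca.cer" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/local.cer" 2>/dev/null
}

# What the CA certificate is for: validating the obtained local certificate.
check_local_cert() {  # check_local_cert CA_CERT LOCAL_CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run on constructed data.
demo=$(mktemp -d)
make_sample "$demo" && check_request "$demo/req.p10" && issue "$demo" &&
    check_local_cert "$demo/ca.cer" "$demo/local.cer" &&
    echo "request ($(request_key_bits "$demo/req.p10") bit) and certificate OK"
rm -rf "$demo"
```

A local certificate that does not chain to the CA certificate held in the PKI domain makes `check_local_cert` return non-zero, which is the same failure the device-side validation is meant to catch.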