certificate request mode
Use certificate request mode to set the certificate request mode.
Use undo certificate request mode to restore the default.
Syntax
certificate request mode { auto [ password { cipher | simple } string ] | manual }
undo certificate request mode
Default
The certificate request mode is manual.
Views
PKI domain view
Predefined user roles
network-admin
mdc-admin
Parameters
auto: Specifies the auto certificate request mode.
password: Specifies a password for certificate revocation.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 31 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
manual: Specifies the manual certificate request mode.
Usage guidelines
A certificate request can be submitted to a CA in offline or online mode. In online mode, a certificate request can be automatically or manually submitted:
Auto request mode—A PKI entity automatically obtains the CA certificate and submits a certificate request to the CA when both of the following conditions exist:
An associated application (IKE, for example) performs identity authentication.
No certificate is available for the application on the device.
In auto request mode, specify the password for certificate revocation as required by the CA policy.
Manual request mode—You must manually obtain the CA certificate and submit certificate requests.
Examples
# Set the certificate request mode to auto.
<Sysname> system-view [Sysname] pki domain aaa [Sysname-pki-domain-aaa] certificate request mode auto
# Set the certificate request mode to auto, and set the certificate revocation password in plain text to 123456.
<Sysname> system-view [Sysname] pki domain aaa [Sysname-pki-domain-aaa] certificate request mode auto password simple 123456
Related commands
pki request-certificate