display pki certificate domain
Use display pki certificate domain to display information about certificates.
Syntax
display pki certificate domain domain-name { ca | local | peer [ serial serial-num ] }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters. The domain name cannot contain the special characters listed in Table 24.
Table 24: Special characters
Character name | Symbol | Character name | Symbol |
---|---|---|---|
Tilde | ~ | Dot | . |
Asterisk | * | Left angle bracket | < |
Backslash | \ | Right angle bracket | > |
Vertical bar | | | Quotation marks | " |
Colon | : | Apostrophe | ' |
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer: Specifies the peer certificates.
serial serial-num: Specifies the serial number of a peer certificate.
Usage guidelines
If you specify the CA keyword, this command displays information about all CA certificates in the domain. If the domain has RA certificates, the RA certificates are also displayed.
If you specify the local keyword, this command displays information about all local certificates in the domain.
If you specify the peer keyword without a serial number, this command displays brief information about all peer certificates. If you specify a serial number, this command display detailed information about the specified peer certificate.
Examples
# Display information about the CA certificate in PKI domain aaa.
<Sysname> display pki certificate domain aaa ca Certificate: Data: Version: 1 (0x0) Serial Number: 5c:72:dc:c4:a5:43:cd:f9:32:b9:c1:90:8f:dd:50:f6 Signature Algorithm: sha1WithRSAEncryption Issuer: C=cn, O=docm, OU=rnd, CN=rootca Validity Not Before: Jan 6 02:51:41 2011 GMT Not After : Dec 7 03:12:05 2013 GMT Subject: C=cn, O=ccc, OU=ppp, CN=rootca Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:c4:fd:97:2c:51:36:df:4c:ea:e8:c8:70:66:f0: 28:98:ec:5a:ee:d7:35:af:86:c4:49:76:6e:dd:40: 4a:9e:8d:c0:cb:d9:10:9b:61:eb:0c:e0:22:ce:f6: 57:7c:bb:bb:1b:1d:b6:81:ad:90:77:3d:25:21:e6: 7e:11:0a:d8:1d:3c:8e:a4:17:1e:8c:38:da:97:f6: 6d:be:09:e3:5f:21:c5:a0:6f:27:4b:e3:fb:9f:cd: c1:91:18:ff:16:ee:d8:cf:8c:e3:4c:a3:1b:08:5d: 84:7e:11:32:5f:1a:f8:35:25:c0:7e:10:bd:aa:0f: 52:db:7b:cd:5d:2b:66:5a:fb Exponent: 65537 (0x10001) Signature Algorithm: sha1WithRSAEncryption 6d:b1:4e:d7:ef:bb:1d:67:53:67:d0:8f:7c:96:1d:2a:03:98: 3b:48:41:08:a4:8f:a9:c1:98:e3:ac:7d:05:54:7c:34:d5:ee: 09:5a:11:e3:c8:7a:ab:3b:27:d7:62:a7:bb:bc:7e:12:5e:9e: 4c:1c:4a:9f:d7:89:ca:20:46:de:c5:b3:ce:36:ca:5e:6e:dc: e7:c6:fe:3f:c5:38:dd:d5:a3:36:ad:f4:3d:e6:32:7f:48:df: 07:f0:a2:32:89:86:72:22:cd:ed:e5:0f:95:df:9c:75:71:e7: fe:34:c5:a0:64:1c:f0:5c:e4:8f:d3:00:bd:fa:90:b6:64:d8: 88:a6
# Display information about local certificates in the PKI domain aaa.
<Sysname> display pki certificate domain aaa local Certificate: Data: Version: 3 (0x2) Serial Number: bc:05:70:1f:0e:da:0d:10:16:1e Signature Algorithm: sha256WithRSAEncryption Issuer: C=CN, O=sec, OU=software, CN=abdfdc Validity Not Before: Jan 7 20:05:44 2011 GMT Not After : Jan 7 20:05:44 2012 GMT Subject: O=OpenCA Labs, OU=Users, CN=fips fips-sec Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:b2:38:ad:8c:7d:78:38:37:88:ce:cc:97:17:39: 52:e1:99:b3:de:73:8b:ad:a8:04:f9:a1:f9:0d:67: d8:95:e2:26:a4:0b:c2:8c:63:32:5d:38:3e:fd:b7: 4a:83:69:0e:3e:24:e4:ab:91:6c:56:51:88:93:9e: 12:a4:30:ad:ae:72:57:a7:ba:fb:bc:ac:20:8a:21: 46:ea:e8:93:55:f3:41:49:e9:9d:cc:ec:76:13:fd: a5:8d:cb:5b:45:08:b7:d1:c5:b5:58:89:47:ce:12: bd:5c:ce:b6:17:2f:e0:fc:c0:3e:b7:c4:99:31:5b: 8a:f0:ea:02:fd:2d:44:7a:67 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Client, S/MIME X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin Netscape Comment: User Certificate of OpenCA Labs X509v3 Subject Key Identifier: 91:95:51:DD:BF:4F:55:FA:E4:C4:D0:10:C2:A1:C2:99:AF:A5:CB:30 X509v3 Authority Key Identifier: keyid:DF:D2:C9:1A:06:1F:BC:61:54:39:FE:12:C4:22:64:EB:57:3B:11:9F X509v3 Subject Alternative Name: email:fips@ccc.com X509v3 Issuer Alternative Name: email:pki@openca.org Authority Information Access: CA Issuers - URI:http://titan/pki/pub/cacert/cacert.crt OCSP - URI:http://titan:2560/ 1.3.6.1.5.5.7.48.12 - URI:http://titan:830/ X509v3 CRL Distribution Points: Full Name: URI:http://titan/pki/pub/crl/cacrl.crl Signature Algorithm: sha256WithRSAEncryption 94:ef:56:70:48:66:be:8f:9d:bb:77:0f:c9:f4:65:77:e3:bd: ea:9a:b8:24:ae:a1:38:2d:f4:ab:e8:0e:93:c2:30:33:c8:ef: f5:e9:eb:9d:37:04:6f:99:bd:b2:c0:e9:eb:b1:19:7e:e3:cb: 95:cd:6c:b8:47:e2:cf:18:8d:99:f4:11:74:b1:1b:86:92:98: af:a2:34:f7:1b:15:ee:ea:91:ed:51:17:d0:76:ec:22:4c:56: da:d6:d1:3c:f2:43:31:4f:1d:20:c8:c2:c3:4d:e5:92:29:ee: 43:c6:d7:72:92:e8:13:87:38:9a:9c:cd:54:38:b2:ad:ba:aa: f9:a4:68:b5:2a:df:9a:31:2f:42:80:0c:0c:d9:6d:b3:ab:0f: dd:a0:2c:c0:aa:16:81:aa:d9:33:ca:01:75:94:92:44:05:1a: 65:41:fa:1e:41:b5:8a:cc:2b:09:6e:67:70:c4:ed:b4:bc:28: 04:50:a6:33:65:6d:49:3c:fc:a8:93:88:53:94:4c:af:23:64: cb:af:e3:02:d1:b6:59:5f:95:52:6d:00:00:a0:cb:75:cf:b4: 50:c5:50:00:65:f4:7d:69:cc:2d:68:a4:13:5c:ef:75:aa:8f: 3f:ca:fa:eb:4d:d5:5d:27:db:46:c7:f4:7d:3a:b2:fb:a7:c9: de:18:9d:c1
# Display brief information about all peer certificates in the PKI domain aaa.
<Sysname> display pki certificate domain aaa peer Total peer certificates: 1 Serial Number: 9a0337eb2156ba1f5476e4d754a5a9f7 Subject Name: CN=sldsslserver
# Display detailed information about a peer certificate in the PKI domain aaa.
<Sysname> display pki certificate domain aaa peer serial 9a0337eb2156ba1f5476e4d754a5a9f7 Certificate: Data: Version: 3 (0x2) Serial Number: 9a:03:37:eb:21:56:ba:1f:54:76:e4:d7:54:a5:a9:f7 Signature Algorithm: sha1WithRSAEncryption Issuer: C=cn, O=ccc, OU=sec, CN=ssl Validity Not Before: Oct 15 01:23:06 2010 GMT Not After : Jul 26 06:30:54 2012 GMT Subject: CN=sldsslserver Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:c2:cf:37:76:93:29:5e:cd:0e:77:48:3a:4d:0f: a6:28:a4:60:f8:31:56:28:7f:81:e3:17:47:78:98: 68:03:5b:72:f4:57:d3:bf:c5:30:32:0d:58:72:67: 04:06:61:08:3b:e9:ac:53:b9:e7:69:68:1a:23:f2: 97:4c:26:14:c2:b5:d9:34:8b:ee:c1:ef:af:1a:f4: 39:da:c5:ae:ab:56:95:b5:be:0e:c3:46:35:c1:52: 29:9c:b7:46:f2:27:80:2d:a4:65:9a:81:78:53:d4: ca:d3:f5:f3:92:54:85:b3:ab:55:a5:03:96:2b:19: 8b:a3:4d:b2:17:08:8d:dd:81 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:9A:83:29:13:29:D9:62:83:CB:41:D4:75:2E:52:A1:66:38:3C:90:11 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement Netscape Cert Type: SSL Server X509v3 Subject Alternative Name: DNS:docm.com X509v3 Subject Key Identifier: 3C:76:95:9B:DD:C2:7F:5F:98:83:B7:C7:A0:F8:99:1E:4B:D7:2F:26 X509v3 CRL Distribution Points: Full Name: URI:http://s03130.ccc.sec.com:447/ssl.crl Signature Algorithm: sha1WithRSAEncryption 61:2d:79:c7:49:16:e3:be:25:bb:8b:70:37:31:32:e5:d3:e3: 31:2c:2d:c1:f9:bf:50:ad:35:4b:c1:90:8c:65:79:b6:5f:59: 36:24:c7:14:63:44:17:1e:e4:cf:10:69:fc:93:e9:70:53:3c: 85:aa:40:7e:b5:47:75:0f:f0:b2:da:b4:a5:50:dd:06:4a:d5: 17:a5:ca:20:19:2c:e9:78:02:bd:19:77:da:07:1a:42:df:72: ad:07:7d:e5:16:d6:75:eb:6e:06:58:ee:76:31:63:db:96:a2: ad:83:b6:bb:ba:4b:79:59:9d:59:6c:77:59:5b:d9:07:33:a8: f0:a5
Related commands
pki domain
pki retrieve-certificate