pki request-certificate
Use pki request-certificate to submit a local certificate request or generate a certificate request in PKCS#10 format.
Syntax
pki request-certificate domain domain-name [ password password ] [ pkcs10 [ filename filename ] ]
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters. The domain name cannot contain the special characters listed in Table 34.
Table 34: Special characters
Character name | Symbol | Character name | Symbol |
|---|---|---|---|
Tilde | ~ | Dot | . |
Asterisk | * | Left angle bracket | < |
Backslash | \ | Right angle bracket | > |
Vertical bar | | | Quotation marks | " |
Colon | : | Apostrophe | ' |
password password: Sets the password for certificate revocation, a case-sensitive string of 1 to 31 characters. The password is contained in the certificate request and must be provided if the certificate is revoked.
pkcs10: Displays BASE64-encoded PKCS#10 certificate request information, which can be used to request a certificate by an out-of-band means, like phone, disk, or email.
filename filename: Specifies a local file for saving the certificate request in PKCS#10 format. The filename argument is case-insensitive.
Usage guidelines
If SCEP fails, you can perform one of the following tasks:
Use the pkcs10 keyword to print the BASE64-encoded request information.
Use the pkcs10 filename filename option to save the request information to a local file and transfer the file to the CA by using an out-of-band means. The file name can contain an absolute path. If the specified path does exist, the request information cannot be saved.
This command is not saved in the configuration file.
Examples
# Display information about the certificate request in PKCS#10 format.
<Sysname> system-view [Sysname] pki request-certificate domain aaa pkcs10 *** Request for general certificate *** -----BEGIN NEW CERTIFICATE REQUEST----- MIIBTDCBtgIBADANMQswCQYDVQQDEwJqajCBnzANBgkqhkiG9w0BAQEFAAOBjQAw gYkCgYEAw5Drj8ofs9THA4ezkDcQPBy8pvH1kumampPsJmx8sGG52NFtbrDTnTT5 ALx3LJijB3d/ndKpcHT/DfbJVDCn5gdw32tBZyCkEwMHZN3ol2z7Nmdcu5TED6iN8 4m+hfp1QWoV6lty3o9pxAXuQl8peUDcfN6WV3LBXYyl1WCtkLkECAwEAAaAAMA0G CSqGSIb3DQEBBAUAA4GBAA8E7BaIdmT6NVCZgv/I/1tqZH3TS4e4H9Qo5NiCKiEw R8owVmA0XVtGMbyqBNcDTG0f5NbHrXZQT5+MbFJOnm5K/mn1ro5TJKMTKV46PlCZ JUjsugaY02GBY0BVcylpC9iIXLuXNIqjh1MBIqVsa1lQOHS7YMvnop6hXAQlkM4c -----END NEW CERTIFICATE REQUEST-----
# Request the local certificates.
[Sysname] pki request-certificate domain openca Start to request general certificate ... … Request certificate of domain openca successfully
Related commands
display pki certificate