certificate domain

Use certificate domain to specify a PKI domain for signature authentication.

Use undo certificate domain to remove a PKI domain for signature authentication.


certificate domain domain-name

undo certificate domain domain-name


No PKI domains are specified for signature authentication.


IKE profile view

Predefined user roles




domain-name: Specifies the name of a PKI domain, a case-insensitive string of 1 to 31 characters.

Usage guidelines

You can specify a maximum of six PKI domains for an IKE profile by executing this command multiple times.

IKE uses the specified PKI domains for enrollment, authentication, certificate issuing, validation, and signature. If you do not specify any PKI domains, IKE uses all PKI domains configured on the device.

Follow these restrictions and guidelines for the device to obtain the CA certificate during IKE negotiation:

IKE first automatically obtains the CA certificate, and then requests a local certificate. If the CA certificate already exists locally, IKE automatically requests a local certificate.


# Specify PKI domain abc for IKE profile 1.

<Sysname> system-view
[Sysname] ike profile 1
[Sysname-ike-profile-1] certificate domain abc

Related commands


pki domain