ike signature-identity from-certificate

Use ike signature-identity from-certificate to configure the local device to obtain the identity information from the local certificate for signature authentication.

Use undo ike signature-identity from-certificate to restore the default.

Syntax

ike signature-identity from-certificate

undo ike signature-identity from-certificate

Default

The local end uses the identity information specified by the local-identity or ike identity command for signature authentication.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command requires the local device to always use the identity information in the local certificate for signature authentication, regardless of the local-identity or ike identity configuration.

Configure this command when the aggressive mode and signature authentication are used and the device interconnects with a Comware 5-based peer device. Comware 5 supports only DN for signature authentication.

If the ike signature-identity from-certificate command is not configured, the local-identity command configuration, if configured, takes precedence over the ike identity command configuration.

Examples

# Configure the local device to always obtain the identity information from the local certificate for signature authentication.

<Sysname> system-view
[sysname] ike signature-identity from-certificate

Related commands

local-identity

ike identity