ike signature-identity from-certificate
Use ike signature-identity from-certificate to configure the local device to obtain the identity information from the local certificate for signature authentication.
Use undo ike signature-identity from-certificate to restore the default.
Syntax
ike signature-identity from-certificate
undo ike signature-identity from-certificate
Default
The local end uses the identity information specified by the local-identity or ike identity command for signature authentication.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command requires the local device to always use the identity information in the local certificate for signature authentication, regardless of the local-identity or ike identity configuration.
Configure this command when the aggressive mode and signature authentication are used and the device interconnects with a Comware 5-based peer device. Comware 5 supports only DN for signature authentication.
If the ike signature-identity from-certificate command is not configured, the local-identity command configuration, if configured, takes precedence over the ike identity command configuration.
Examples
# Configure the local device to always obtain the identity information from the local certificate for signature authentication.
<Sysname> system-view [sysname] ike signature-identity from-certificate
Related commands
local-identity
ike identity