| Parameter | Description | Value |
|---|---|---|
| realm-name | Displays the detailed information about a PKI realm. If the parameter is left blank, information about all PKI realms is displayed. |
The PKI realm name must already exist. |
This command displays details about a PKI realm, including PKI realm name, associated CA, CA certificate subject name, URL of the certificate enrolled through SCEP, PKI entity name, digital fingerprint algorithm of CA certificate, and digital fingerprint of CA certificate.
# Display information about all PKI realms.
<sysname> display pki realm abc Realm Name : abc CA ID: - CA Name: - Enrollment URL: - Certificate Request Interval: - Certificate Request Times: - Enrollment Mode: - Enrollment Method: SCEP Entity Name: - CA Certificate Fingerprint Arithmetic: - CA Certificate Fingerprint: - OCSP Nonce: Enable OCSP URL: - Method for Getting CRL: HTTP CDP URL: - Certificate Revocation Check Method: - RSA Key Name: SM2 Key Name: Auto-enroll: Disable Password: - Crl Update-period(Hours): 8 Key-usage: - Vpn-instance: - Source Interface: - Enrollment-request Signature Message-digest-method: SHA256 Total Number: 1
Item |
Description |
|---|---|
Realm Name |
PKI realm name. It is configured using the pki realm (system view) command. |
CA ID |
ID of the CA associated with the PKI realm. It is configured using the ca-name command. |
CA Name |
Subject name of a CA certificate. |
Enrollment URL |
URL of the certificate enrolled on the SCEP server. It is configured using the enrollment-url command. |
Certificate Request Interval(Minutes) |
Interval between two certificate enrollment status queries. |
Certificate Request Times |
Maximum number of certificate enrollment status queries. |
Enrollment Mode |
Certificate enrollment mode (whether enrolled through RA). It is configured using the enrollment-url command. |
Enrollment Method |
Certificate enrollment method, including:
|
Entity Name |
PKI entity name. It is configured using the entity command. |
CA Certificate Fingerprint Arithmetic |
Fingerprint algorithm of the CA certificate. It is configured using the fingerprint command. |
CA Certificate Fingerprint |
Digital fingerprint of the CA certificate. It is configured using the fingerprint command. |
OCSP Nonce |
Whether a nonce extension is added to the OCSP request sent
by a PKI entity.
It is configured using the ocsp nonce enable command. |
OCSP URL |
OCSP server's URL. It is configured using the ocsp url command. |
Method for Getting CRL |
Method of obtaining CRL.
|
CDP URL |
URL of the CDP. It is configured using the cdp-url command. |
Certificate Revocation Check Method |
Certificate status check method. It is configured using the certificate-check command. |
RSA Key Name |
RSA key. It is configured using the rsa local-key-pair command. |
RSA Key Size |
RSA key length. |
| SM2 Key Name | SM2 key. It is configured using the sm2 local-key-pair command. |
Auto-enroll |
Whether automatic certificate enrollment is enabled.
It is configured using the auto-enroll command. |
Password |
Password used to apply for or revoke a certificate. It is configured using the password (PKI realm view) command. |
Crl Update-period(Hours) |
CRL update interval. It is configured using the crl update-period command. |
Key-usage |
Purpose information carried in a certificate request packet. It is configured using the key-usage command. |
Vpn-instance |
VPN to which the PKI realm is added. It is configured using the vpn-instance command. |
Source Interface |
Source interface used by the device to communicate with the PKI server. It is configured using the source interface command. |
Enrollment-request Signature Message-digest-method |
Digest method used for the enrollment request packet of signed certificate. It is configured using the enrollment-request signature message-digest-method command. |