The password command sets the challenge password used for certificate application through SCEP, which is also used to revoke a certificate.
The undo password command deletes the challenge password used for certificate application through SCEP.
By default, no challenge password is configured.
| Parameter | Description | Value |
|---|---|---|
| cipher password | Specifies the challenge password used for certificate application through SCEP. The password is displayed in ciphertext. | The value is a string of case-sensitive characters. It cannot contain question marks (?). The password is in plaintext that contains 1 to 64 characters or in ciphertext that contains 48 to 108 characters. NOTE:
To improve communication security, it is recommended that the certificate revocation password contains at least three types of lowercase letters, uppercase letters, numerals, and special characters, and contains at least six characters. |
When a PKI entity uses SCEP to apply for a certificate from CA, CA needs to verify the challenge password of the entity. CA accepts the certificate application request only when the challenge password is correct. You need to run this command to set a challenge password for the PKI entity.
The challenge password is also used to revoke a certificate. It avoids misoperations in certificate revocation.