Function
The display pki certificate command displays the content about the CA or local certificate loaded to the device and OCSP server certificate.
Format
display pki certificate { ca | local | ocsp } [ realm realm-name | filename file-name ]
display pki certificate filename file-name
display pki certificate default { ca | local }
Parameters
| Parameter | Description | Value |
|---|---|---|
| ca | Displays content about the CA certificate. | - |
| local | Displays content about the local certificate. | - |
| ocsp | Displays content about the Online Certificate Status Protocol (OCSP) server's certificate. | - |
| realm realm-name | Specifies the PKI realm name of a certificate to be checked. | The PKI realm name must already exist. |
| filename file-name | Specifies the name of a certificate file. | The value must be an existing certificate file name. |
| default | Specifies the content of the default built-in certificate. | - |
Default Level
The default level of the display pki certificate filename file-name command is 3: Management level, and the default level of other display pki certificate commands is 2: Configuration level.
Usage Guidelines
This command shows information about the CA certificate, local certificate, and OCSP server's certificate, including signature algorithm, issuer, validity period, subject, and subject public key.
NOTE: When you display the internal CA or local certificate on virtual system, the internal certificate of the root system is displayed.
Example
# Display information about the CA certificate.
<sysname> display pki certificate ca realm abc
The x509 object type is certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:f0:1a:f3:67:21:44:9a:4a:eb:ec:63:75:5d:d7:5f
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ca_root
Validity
Not Before: Jun 4 14:58:17 2015 GMT
Not After : Jun 4 15:07:10 2020 GMT
Subject: CN=ca_root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:5f:2a:93:cb:66:18:59:8c:26:80:db:cd:73:
d5:68:92:1b:04:9d:cf:33:a2:73:64:3e:5f:fe:1a:
53:78:0e:3d:e1:99:14:aa:86:9b:c3:b8:33:ab:bb:
76:e9:82:f6:8f:05:cf:f6:83:8e:76:ca:ff:7d:f1:
bc:22:74:5e:8f:4c:22:05:78:d5:d6:48:8d:82:a7:
5d:e1:4c:a4:a9:98:ec:26:a1:21:07:42:e4:32:43:
ff:b6:a4:bd:5e:4d:df:8d:02:49:5d:aa:cc:62:6c:
34:ab:14:b0:f1:58:4a:40:20:ce:be:a5:7b:77:ce:
a4:1d:52:14:11:fe:2a:d0:ac:ac:16:95:78:34:34:
21:36:f2:c7:66:2a:14:31:28:dc:7f:7e:10:12:e5:
6b:29:9a:e8:fb:73:b1:62:aa:7e:bd:05:e5:c6:78:
6d:3c:08:4c:9c:3f:3b:e0:e9:f2:fd:cb:9a:d1:b7:
de:1e:84:f4:4a:7d:e2:ac:08:15:09:cb:ee:82:4b:
6b:bd:c6:68:da:7e:c8:29:78:13:26:e0:3c:6c:72:
39:c5:f8:ad:99:e4:c3:dd:16:b5:2d:7f:17:e4:fd:
e4:51:7a:e6:86:f0:e7:82:2f:55:d1:6f:08:cb:de:
84:da:ce:ef:b3:b1:d6:b3:c0:56:50:d5:76:4d:c7:
fb:75
Exponent: 65537 (0x10001)
X509v3 extensions:
1.3.6.1.4.1.311.20.2:
...C.A
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
B8:63:72:A4:5E:19:F3:B1:1D:71:E1:37:26:E1:46:39:01:B6:82:C5
X509v3 CRL Distribution Points:
Full Name:
URI:http://vasp-e6000-127.china.huawei.com/CertEnroll/ca_root.
crl
URI:file://\\vasp-e6000-127.china.huawei.com\CertEnroll\ca_roo
t.crl
1.3.6.1.4.1.311.21.1:
...
Signature Algorithm: sha1WithRSAEncryption
52:21:46:b8:67:c8:c3:4a:e7:f8:cd:e1:02:d4:24:a7:ce:50:
be:33:af:8a:49:47:67:43:f9:7f:79:88:9c:99:f5:87:c9:ff:
08:0f:f3:3b:de:f9:19:48:e5:43:0e:73:c7:0f:ef:96:ef:5a:
5f:44:76:02:43:83:95:c4:4e:06:5e:11:27:69:65:97:90:4f:
04:4a:1e:12:37:30:95:24:75:c6:a4:73:ee:9d:c2:de:ea:e9:
05:c0:a4:fb:39:ec:5c:13:29:69:78:33:ed:d0:18:37:6e:99:
bc:45:0e:a3:95:e9:2c:d8:50:fd:ca:c2:b3:5a:d8:45:82:6e:
ec:cc:12:a2:35:f2:43:a5:ca:48:61:93:b9:6e:fe:7c:ac:41:
bf:88:70:57:fc:bb:66:29:ae:73:9c:95:b9:bb:1d:16:f7:b4:
6a:da:03:df:56:cf:c7:c7:8c:a9:19:23:61:5b:66:22:6f:7e:
1d:26:92:69:53:c8:c6:0e:b3:00:ff:54:77:5e:8a:b5:07:54:
fd:18:39:0a:03:ac:1d:9f:1f:a1:eb:b9:f8:0d:21:25:36:d5:
06:de:33:fa:7b:c8:e9:60:f3:76:83:bf:63:c6:dc:c1:2c:e4:
58:b9:cb:48:15:d2:a8:fa:42:72:15:43:ef:55:63:39:58:77:
e8:ae:0f:34
Pki realm name: abc
Certificate file name: abc_ca.cer
Certificate peer name: -
Item |
Description |
|---|---|
| The x509 object type is certificate. | x509 object type is certificate. |
| Certificate | Information about a certificate. |
| Data | Data of a certificate. |
| Version | Version of a certificate. |
| Serial Number | Serial number of a certificate. |
| Signature Algorithm | Signature algorithm of a certificate. It is configured using the enrollment-request signature message-digest-method command. |
| Issuer | Issuer of a certificate. |
| Validity | Validity period of a certificate. |
| Subject | Subject of a certificate. The subject includes the following attributes:
|
| Subject Public Key Info | Information about the public key of a certificate. |
| Public Key Algorithm | Public key algorithm. |
| Public-Key | RSA public key. It is configured using the rsa local-key-pair command. |
| Modulus | Key modulus. |
| Exponent | Key exponent. |
| X509v3 extensions | X.509v3 certificate extensions. |
| X509v3 Key Usage | X509v3 key usage. |
| X509v3 Basic Constraints | Basic constraints. |
| CA | Whether the CA can be trust. |
| X509v3 Subject Key Identifier | Identifier of a subject key. |
| Full Name | Full name of CDP. |
| Pki realm name | PKI realm name. It is configured using the pki realm (system view) command. |
| Certificate file name | Certificate file name. It is configured using the pki import-certificate command. |
| Certificate peer name | Certificate peer name. |