This operation enables you to view details about built-in CA certificates.
Context
- On the built-in CA certificate management page, click
to refresh the built-in CA certificate information. - On the built-in CA certificate management page, click
or 
next to a parameter and enter a keyword or select a parameter value to search for desired built-in CA certificates. - On the built-in CA certificate management page, click
and select specified built-in CA certificate parameters to be viewed. - On the built-in CA certificate management page, click
or 
next to a parameter to change the sequence of the parameter.
Procedure
- Choose Settings > Certificate > Built-in CA.
- View the built-in CA certificate information. Table 1 describes related parameters.
Table 1 Built-in CA certificate parameters Parameter
Description
Name
Name of a built-in CA certificate. The value of this parameter can be RootCA, Web, Service, MicroService, and External.
Type
Type of a built-in CA certificate. The value of this parameter can be Root CA certificate or Subordinate CA certificate.
NOTE:Only subordinate CA certificates can be used to issue digital certificates.
Issuer Certificate Name
Name of the issuer certificate. Subordinate CA certificates are issued by the root CA certificate.
Used By
User of a built-in CA certificate.
Key Algorithm
Key algorithm of a built-in CA certificate.
Start Time
Start time of the validity period of a built-in CA certificate.
Expiration Time
Expiration time of a built-in CA certificate.
SN
Serial number of a built-in CA certificate.
Signature Hash Algorithm
Signature algorithm used by a built-in CA certificate.
Status
Status of a built-in CA certificate.
Expiration Warning Days
Number of days before a CA certificate expires. When the period starts, the system sends warning to users about the expiration. The value ranges from 7 to 180, in unit of days.
Issued By
Issuer of a built-in CA certificate.
Fingerprint
Hashed value of the content of a built-in CA certificate. This value is unique for every certificate. When a device obtains a certificate, the certificate fingerprint is required to ensure that the certificate content is not tampered with by unauthorized users. If the certificate fingerprint is different from that configured in the PKI domain, the device will refuse the certificate.
Parameters Expiration Warning Days, Issued By, and Fingerprint are displayed only after you click the name of a built-in CA to go to the details page.
- Click the name of a built-in CA certificate to view its basic information and the digital certificates issued by it.
The Root CA cannot issue digital certificates. Therefore, you will see no issued digital certificates after clicking the name of the Root CA.