[Device] pki domain winserver
# Specify the name of the trusted CA as
[Device-pki-domain-winserver] ca identifier myca
# Configure the URL of the registration server in the form of
http://host:port/certsrv/mscep/mscep.dll, where host:port is the host IP address and port number
of the CA server.
[Device-pki-domain-winserver] certificate request url
# Specify the RA to accept certificate requests.
[Device-pki-domain-winserver] certificate request from ra
# Specify the PKI entity name as
[Device-pki-domain-winserver] certificate request entity aaa
# Specify the RSA key pair with the purpose
, the name
, and the length 1024 bits.
[Device-pki-domain-winserver] public-key rsa general name abc length 1024
[Device-pki-domain-winserver] quit
Generate an RSA local key pair:
[Device] public-key local create rsa name abc
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512,it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
Create the key pair successfully.
Request a local certificate:
# Obtain the CA certificate and save it locally.
[Device] pki retrieve-certificate domain winserver ca
The trusted CA's finger print is:
MD5 fingerprint:766C D2C8 9E46 845B 4DCE 439C 1C1F 83AB
SHA1 fingerprint:97E5 DDED AB39 3141 75FB DB5C E7F8 D7D7 7C9B 97B4
Is the finger print correct?(Y/N):y
Retrieved the certificates successfully.
# Submit a certificate request manually.
[Device] pki request-certificate domain winserver
Start to request the general certificate ...
Certificate requested successfully
Verifying the configuration
# After obtaining the local certificate, display information about the certificate.
[Device] display pki certificate domain winserver local
Version: 3 (0x2)
Serial Number: