389
certificate request polling
Use
certificate request polling
to set the polling interval and the maximum number of attempts to
query certificate request status.
Use
undo certificate request polling
to restore the defaults.
Syntax
certificate request polling
{
count
count
|
interval
interval
}
undo certificate request polling
{
count
|
interval
}
Default
The polling interval is 20 minutes, and the maximum number of attempts is 50.
Views
PKI domain view
Predefined user roles
network-admin
mdc-admin
Parameters
count count
: Specifies the maximum number of query attempts. The value range is 1 to 100.
interval interval
: Specifies a polling interval in minutes. The value range is 5 to 168.
Usage guidelines
After a PKI entity submits a certificate request, it might take the CA server a while to issue the
certificate if the CA administrator must manually approve the certificate request. During this period,
the PKI entity periodically queries the CA server for the certificate request status. The periodic query
operation stops until the PKI entity obtains the certificate or the maximum number of query attempts
is reached. If the maximum number of query attempts is reached, the certificate request fails.
If the CA server automatically approves certificate requests, the PKI entity can obtain the certificate
immediately after it submits a certificate request. In this case, the PKI entity does not send queries to
the CA server.
Examples
# Set the polling interval to 15 minutes, and the maximum number of query attempts to 40.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request polling interval 15
[Sysname-pki-domain-aaa] certificate request polling count 40
Related commands
display pki certificate request-status
certificate request url
Use
certificate request url
to specify the URL of the certificate request reception authority (CA or
RA) to which the device should send SCEP certificate requests.
Use
undo certificate request url
to restore the default.
Syntax
certificate request url
url-string
[
vpn-instance
vpn-instance-name
]