PKI/4/CA_WILL_EXPIRED

Message

PKI/4/CA_WILL_EXPIRED: CA certificate ([subject_name]) will expire in [day] days.

Description

A CA certificate is about to expire.

Parameters

| Parameter Name | Parameter Meaning |
|---|---|
| subject_name | Specifies the subject of a CA certificate. |
| day | Specifies the remaining validity period of the CA certificate, in days. |
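
For central monitoring, the message format above can be parsed to rank devices by how soon their CA certificate expires. The following is an added example, not part of the original page or vendor code; the hostnames, subjects, timestamp prefix, and the (host, line) input shape are assumptions constructed for illustration.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

# Message body as documented on this page. re.search() is used so that any
# prefix a collector adds (timestamp, hostname) is ignored.
CA_WILL_EXPIRE = re.compile(
    r"PKI/4/CA_WILL_EXPIRED:\s*CA certificate \((?P<subject>.*)\) "
    r"will expire in (?P<day>\d+) days\."
)

class CaExpiry(NamedTuple):
    host: str       # device that sent the log (supplied by the collector)
    subject: str    # [subject_name] from the message
    days_left: int  # [day] from the message

def parse_line(host: str, line: str) -> Optional[CaExpiry]:
    """Return the parsed record, or None if the line is a different log."""
    m = CA_WILL_EXPIRE.search(line)
    if m is None:
        return None
    return CaExpiry(host, m.group("subject"), int(m.group("day")))

def triage(events: Iterable[Tuple[str, str]]) -> List[CaExpiry]:
    """One record per (host, subject), smallest days_left kept, most urgent first."""
    latest: Dict[Tuple[str, str], CaExpiry] = {}
    for host, line in events:
        rec = parse_line(host, line)
        if rec is None:
            continue
        key = (rec.host, rec.subject)
        if key not in latest or rec.days_left < latest[key].days_left:
            latest[key] = rec
    return sorted(latest.values(), key=lambda r: (r.days_left, r.host))

# Constructed sample input (not real device output).
ROOT = "/C=XX/O=Example/CN=Example Root CA (G2)"  # subject containing parentheses
ISSUING = "/C=XX/O=Example/CN=Example Issuing CA"
SAMPLE = [
    ("fw-edge-01", f"May  2 10:00:01 PKI/4/CA_WILL_EXPIRED: CA certificate ({ROOT}) will expire in 30 days."),
    ("fw-edge-01", f"May 22 10:00:01 PKI/4/CA_WILL_EXPIRED: CA certificate ({ROOT}) will expire in 10 days."),
    ("vpn-gw-02", f"May 22 10:05:09 PKI/4/CA_WILL_EXPIRED: CA certificate ({ISSUING}) will expire in 3 days."),
    ("vpn-gw-02", "May 22 10:06:00 EXAMPLE/6/OTHER: unrelated constructed log line."),
]

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(f"{rec.days_left:>3} days  {rec.host}  {rec.subject}")
```

The greedy subject match is deliberate: a subject name may itself contain parentheses, so the pattern anchors on the fixed text that follows it.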

Possible Causes

The CA certificate in the device memory is about to expire.

Procedure

  • Apply for certificates online using SCEP or CMPv2.

    • If the automatic certificate update function is configured, the device automatically updates certificates using SCEP or CMPv2 when the certificates are about to expire or have expired.

      You need to ensure that the link between the device and CA server is reachable, the PKI configuration is correct, and the CA server is working properly.

    • If the automatic certificate update function is not configured, and SCEP is used, run the pki enroll-certificate realm command in the system view to manually update the certificates. If CMPv2 is used, run the pki cmp keyupdate-request session command in the system view to manually update the certificates.

      Ensure that the link between the device and CA server is reachable, the PKI configuration is correct, and the CA server is working properly.

  • Apply for certificates offline.

    1. Send the certificate request file to the CA server through the web system, disk, or email to apply for a CA certificate and local certificate.

    2. Run the pki delete-certificate command in the system view to delete the old CA certificate and local certificate from the device memory.

    3. Use methods such as SFTP to upload the obtained CA and local certificates to the storage medium of the device, and run the pki import-certificate command in the system view to import the certificates to the memory of the device.

Copyright © Huawei Technologies Co., Ltd.