The auto-enroll command enables automatic certificate enrollment and update.
The undo auto-enroll command disables automatic certificate enrollment and update.
By default, automatic certificate enrollment and update are disabled.
auto-enroll [ percent ] [ regenerate [ key-bit ] ] [ updated-effective ]
undo auto-enroll [ updated-effective ]
| Parameter | Description | Value |
|---|---|---|
| percent | Specifies the percentage of the certificate's validity period after which a new certificate is requested automatically. | The value is an integer that ranges from 10 to 100. The default value is 100, which means that the system requests a new certificate when the old certificate expires. |
| regenerate | Indicates that an RSA key pair is generated during certificate updates. | - |
| key-bit | Specifies the number of bits in the RSA key pair generated during certificate updates. | The value is an integer that ranges from 2048 to 4096. The default value is 2048. |
| updated-effective | Indicates that the certificate takes effect immediately after being updated. By default, an updated certificate takes effect only after the old one expires. | - |
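The following added example (not part of the original documentation) parses an auto-enroll line according to the syntax and value ranges above, applies the defaults, and computes when the renewal request is sent for a given validity period. The function names, the validity period and the configuration lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Defaults and ranges taken from the parameter table above.
DEFAULT_PERCENT, DEFAULT_KEY_BITS = 100, 2048
SYNTAX = re.compile(
    r"auto-enroll(?:\s+(?P<percent>\d+))?"
    r"(?:\s+(?P<regen>regenerate)(?:\s+(?P<bits>\d+))?)?"
    r"(?:\s+(?P<eff>updated-effective))?"
)

def parse_auto_enroll(line):
    """Return the effective settings of one auto-enroll line, defaults applied."""
    m = SYNTAX.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not a valid auto-enroll command: {line!r}")
    percent = int(m["percent"]) if m["percent"] else DEFAULT_PERCENT
    if not 10 <= percent <= 100:
        raise ValueError(f"percent {percent} outside 10..100")
    key_bits = None  # stays None when no key pair is generated on update
    if m["regen"]:
        key_bits = int(m["bits"]) if m["bits"] else DEFAULT_KEY_BITS
        if not 2048 <= key_bits <= 4096:
            raise ValueError(f"key-bit {key_bits} outside 2048..4096")
    return {"percent": percent, "regenerate": bool(m["regen"]),
            "key_bits": key_bits, "updated_effective": bool(m["eff"])}

def review(line, not_before, not_after):
    """Compute when the renewal request fires and note settings worth a look."""
    cfg = parse_auto_enroll(line)
    request_at = not_before + (not_after - not_before) * cfg["percent"] / 100
    notes = []
    if request_at >= not_after:
        notes.append("renewal is requested only when the old certificate expires")
    if not cfg["regenerate"]:
        # Inference from the table: the key pair is generated only with 'regenerate'.
        notes.append("no RSA key pair is generated during updates")
    return cfg, request_at, notes

if __name__ == "__main__":
    # Constructed validity period and constructed configuration lines.
    nb, na = datetime(2024, 1, 1), datetime(2024, 1, 1) + timedelta(days=365)
    for line in ("auto-enroll", "auto-enroll 80 regenerate 3072 updated-effective"):
        cfg, when, notes = review(line, nb, na)
        print(f"{line!r}: request at {when:%Y-%m-%d}, {cfg}, notes={notes}")
```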
Usage Scenario
Automatic certificate enrollment: When certificates are unavailable, are about to expire, or have expired, an entity automatically requests a new certificate or renews the certificate using the Simple Certificate Enrollment Protocol (SCEP).
By default, the automatic certificate enrollment and update function is disabled. When a certificate has expired, you must request a certificate for an entity manually. You can still request a certificate for an entity manually when the automatic certificate enrollment and update function is enabled.
Precautions