Configuring a PKI Entity to Obtain a CA Certificate
Context
When applying for a local certificate, the PKI entity sends the certificate enrollment request to the CA. To improve transmission security, the PKI entity must use the CA's public key to encrypt the certificate enrollment message. Therefore, the PKI entity must have the CA's certificate and obtain the public key from the CA certificate.
The CA and local certificates have been set in the default domain when a device is delivered. To view the CA certificate information, run the display pki certificate ca realm default command.