A device needs to communicate with the CA server to obtain and verify certificates. When the server is in a VPN, add a PKI realm to the VPN.
Run system-view
The system view is displayed.
Run pki realm realm-name
A PKI realm is created and the PKI realm view is displayed, or the view of an existing PKI realm is displayed.
By default, the device has a PKI realm named default. This realm can be modified but cannot be deleted.
A PKI realm is valid only on the local device and unavailable to certificate authorities (CAs) or other devices. Each PKI realm has its own parameters.
Run vpn-instance vpn-instance-name
The PKI realm is added to the specified VPN.
By default, a PKI realm does not belong to any VPN.
The value of vpn-instance-name is the name of a VPN instance configured using the ip vpn-instance command.