< Home

enrollment-url

Function

The enrollment-url command configures the URL of the CA server.

The undo enrollment-url command deletes the URL of the CA server.

By default, the URL of the CA server is not configured.

Format

enrollment-url [ esc ] url [ interval minutes ] [ times count ] [ ra ]

undo enrollment-url

Parameters

Parameter

Description

Value

esc

Indicates that the URL address is in ASCII mode.

-

url

Specifies the URL of the CA server. The URL is in the format of http://server_location/ca_script_location. server_location can use only the IP address format and domain name resolution. ca_script_location is the path where CA server host's application script is located, for example, http://10.137.145.158:8080/certsrv/mscep/mscep.dll.

The value is a string starting with http:// and consisting of 1 to 128 case-sensitive characters without spaces.

interval minutes

Specifies the interval between two certificate enrollment status queries.

The value is an integer that ranges from 1 to 1440, in minutes. The default value is 1.

times count

Specifies the maximum number of certificate enrollment status queries.

The value is an integer that ranges from 1 to 100. The default value is 5.

ra

Configures an RA to authenticate a PKI entity's identity information during local certificate application. By default, a CA authenticates a PKI entity's identity information during local certificate application.

-

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

The URL refers to the address provided by a CA server for certificate application. For example, a CA server running Windows Server 2008 uses a URL address in the format http://host:port/certsrv/mscep/mscep.dll, in which host indicates the IP address of the CA server and port indicates the port number.

The keyword esc supports the entering of URLs that include the question mark (?) in ASCII code. The URL must be in \x3f format, and 3f is the hexadecimal ASCII code for the question mark (?). For example, if a user wants to enter http://***.com?page1, the URL is http://***.com\x3fpage1. If a user wants to enter http://www.***.com?page1\x3f that includes both a question mark (?) and \x3f, the URL is http://www.***.com\x3fpage1\\x3f.

Example

# Create a PKI realm test and configure the URL of the CA server.

<HUAWEI> system-view
[HUAWEI] pki realm test
[HUAWEI-pki-realm-test] enrollment-url http://10.13.14.15:8080/certsrv/mscep/mscep.dll ra
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >