The password command sets the challenge password used for certificate application through SCEP, which is also used to revoke a certificate.
The undo password command deletes the challenge password used for certificate application through SCEP.
By default, no challenge password is configured.
| Parameter | Description | Value |
|---|---|---|
| cipher password | Specifies the challenge password used for certificate application through SCEP. The password is displayed in ciphertext. | The value is a string of case-sensitive characters. It cannot contain question marks (?). password is in plaintext that contains 1 to 64 characters or in ciphertext that contains 48 to 108 characters. NOTE:
To improve communication security, it is recommended that the password contain at least three types of lowercase letters, uppercase letters, numerals, and special characters, and contain at least six characters. |
When a PKI entity uses SCEP to apply for a certificate from a CA, the CA needs to verify the challenge password of the entity. The CA accepts the certificate application request only when the challenge password is correct. You need to run this command to set a challenge password for the PKI entity.
The challenge password is also used to revoke a certificate. It avoids misoperations in certificate revocation.