pki cmp certificate-request session
Function
The pki cmp certificate-request session command configures a device to send a certificate request (CR) to the CMPv2 server based on CMP session information.
Parameters
| Parameter | Description | Value |
|---|---|---|
| session-name | Specifies the name of a CMP session. | The value must be an existing CMP session name. |
Usage Guidelines
Usage Scenario
When a device has a certificate issued by a CA, the device can send a CR to apply for a certificate for another device.
After this command is executed, the system checks whether the configuration in the CMP session can be used for certificate application. If not, the system displays an error message. If so, the system initiates the CR according to the configuration. The obtained certificate is saved in a file on the CF card or Hda1, but not imported to the memory.
The device does not support the message authentication code mode. If the CMP session mode is set to message authentication code, the system displays an error message.
Prerequisites
A CMP session has been created using the pki cmp session command.
Example
# Send a CR to the CMPv2 server.
<HUAWEI> system-view [HUAWEI] pki cmp session test [HUAWEI-pki-cmp-session-test] quit [HUAWEI] pki cmp certificate-request session test Info: Initializing configuration. Info: Creatting certification request packet. Info: Connectting to CMPv2 server. Info: Sending certification request packet. Info: Waitting for certification response packet. Info: Creatting confirm packet. Info: Connectting to CMPv2 server. Info: Sending confirm packet. Info: Waitting for confirm packet from server. Info: CMPv2 operation finish.