pki cmp keyupdate-request session

Function

The pki cmp keyupdate-request session command configures a device to send a key update request (KUR) to the CMPv2 server based on CMP session information.

Format

pki cmp keyupdate-request session session-name

Parameters

Parameter	Description	Value
session-name	Specifies the name of a CMP session.	The value must be an existing CMP session name.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a device has a certificate issued by a CA, the device can send a KUR to update the certificate.

After the command is executed, the system checks whether the configuration in the CMP session can be used for certificate update application. If not, the system displays an error message. If so, the system initiates a KUR according to the configuration. The updated certificate is saved in a file on the device storage, but not imported to the memory.

The device does not support the message authentication code mode. If the CMP session mode is set to message authentication code, the system displays an error message.

Prerequisites

A CMP session has been created using the pki cmp session command.

Example

# Send a KUR to the CMPv2 server.

<HUAWEI> system-view
[HUAWEI] pki cmp session test
[HUAWEI-pki-cmp-session-test] quit
[HUAWEI] pki cmp keyupdate-request session test
 Info: Initializing configuration.                                              
 Info: Creatting key update request packet.                                     
 Info: Connectting to CMPv2 server.                                             
 Error: CMPv2 server connect failed.                                            
 Info: CMPv2 operation finish.