HP MSR2000/3000/4000 Router Series Security Command Reference
148
certificate request mode
Use certificate request mode to set the certificate request mode.
Use undo certificate request mode to restore the default.
Syntax
certificate request mode { auto [ password { cipher | simple } password ] | manual }
undo certificate request mode
Default
The certificate request mode is manual.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
auto: Specifies the certificate request mode as auto.
password: Specifies a password for certificate revocation.
cipher: Sets a ciphertext password for certificate revocation.
simple: Sets a plaintext password for certificate revocation.
password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be
a string of 1 to 31 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
manual: Specifies the certificate request mode as manual.
Usage guidelines
A certificate request can be submitted to a CA in offline or online mode. In online mode, a certificate
request can be automatically or manually submitted:
• Auto request mode—A PKI entity automatically obtains the CA certificate and submits a certificate
request to the registration acceptance authority when an associated application, for example, IKE,
performs identity authentication. You can set a password for certificate revocation if the CA server
policy requires one.
• Manual request mode—You must manually obtain the CA certificate and submit certificate
requests.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Examples
# Set the certificate request mode to auto.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request mode auto
# Set the certificate request mode to auto, and set a plaintext password for certificate revocation to
123 456 .
<Sysname> system-view
[Sysname] pki domain aaa