R0106-HP MSR Router Series Security Command Reference(V7)
247
performs identity authentication. You can set a password for certificate revocation if the CA server
policy requires one.
• Manual request mode—You must manually obtain the CA certificate and submit certificate
requests.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Examples
# Set the certificate request mode to auto.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request mode auto
# Set the certificate request mode to auto, and set a plaintext password for certificate revocation to
123 456 .
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] certificate request mode auto password simple 123456
Related commands
pki request-certificate
certificate request polling
Use certificate request polling to set the polling interval and the maximum number of attempts for
querying certificate request status.
Use undo certificate request polling to restore the defaults.
Syntax
certificate request polling { count count | interval minutes }
undo certificate request polling { count | interval }
Default
The polling interval is 20 minutes, and the maximum number of attempts is 50.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
count count: Sets the maximum number of attempts for querying certificate request status, in the range of
1 to 100.
interval minutes: Sets a polling interval in minutes, in the range of 5 to 168.
Usage guidelines
After a PKI entity submits a certificate request, the CA server might need a long period of time if it verifies
the certificate request manually. During this period, the PKI entity periodically queries the status of the
request so that it can obtain the certificate promptly after the certificate is issued. The PKI entity stops