3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

441

442

443

444

445

446

447

448

449

450

442 CHAPTER 24: PKI CONFIGURATION COMMANDS

issuer: /emailAddress=myca@3com.com/C=CN/ST=Beijing/L=Beijing/O=hw3c/OU=bjs/

CN=myca

Key usage: general purpose

# Enable the debugging function for PKI certificate validation

[SecBlade_VPN] debugging pki verify

[SecBlade_VPN] pki validate-certificate local domain 1

Verify certificate......

Serial Number:

101E266A 00000000 006B

Issuer:

emailAddress=myca@3com.com

C=CN

ST=Beijing

L=Beijing

O=hw3c

OU=bjs

CN=myca

Subject:

C=CN

ST=bei jing

O=hua wei - 3com

CN=pki test

Verify result: ok

Tabl e 279 Description on the fields of the debugging pki command

Field Description

Create PKCS#10 request Encapsulation of entity request in PKCS#10 format

PKCS#7 envelope Data encapsulation in PKCS#7 encryption format

inner PKCS#7 PKCS#7 encryption of datagram

outer PKCS#7 Signing of PKCS#7 datagram

PKCS#7 develope De-encapsulation of PKCS#7 encrypted packet

host_name Host name of registration server

dir_name CGI script directory of the registration server

data payload Data payload

token seen DN information of an entity

pkistatus PKI certificate operation status

SUCCESS Succeeded

FAILURE Failed

PENDING Waiting for procession

fingerprint Usually the signature of CA

base64 encoded A data encoding mode

x509 Request Request for certificates in standard X509 format

Key usage Encryption, signature, and other common usages

Issuer Certificate issuer

Subject The entity that delivers certificate request

SCEP send message The entity sends a certificate operation packet to CA through SCEP

Signed Certificates Certificates signed by CA