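After the certificate has been obtained successfully, run the display pki certificate local command to view the contents of the local certificate that has been loaded into memory.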
[Switch] display pki certificate local realm abc
The x509 object type is certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
48:65:aa:2a:00:00:00:00:3f:c6
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ca_root
Validity
Not Before: Dec 21 11:46:10 2015 GMT
Not After : Dec 21 11:56:10 2016 GMT
Subject: C=CN, ST=jiangsu, O=huawei, OU=info, CN=hello
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:94:6f:49:bd:6a:f3:d5:07:ee:10:ee:4f:d3:06:
80:59:15:cb:a8:0a:b2:ba:c2:db:52:ec:e9:d1:a7:
72:de:ac:35:df:bb:e0:72:62:08:3e:c5:54:c1:ba:
4a:bb:1b:a9:d9:dc:e4:b6:4d:ca:b3:54:90:b6:8e:
15:a3:6e:2d:b2:9e:9e:7a:33:b0:56:3f:ec:bc:67:
1c:4c:59:c6:67:0f:a7:03:52:44:8c:53:72:42:bd:
6e:0c:90:5b:88:9b:2c:95:f7:b8:89:d1:c2:37:3e:
93:78:fa:cb:2c:20:22:5f:e5:9c:61:23:7b:c0:e9:
fe:b7:e6:9c:a1:49:0b:99:ef:16:23:e9:44:40:6d:
94:79:20:58:d7:e1:51:a1:a6:4b:67:44:f7:07:71:
54:93:4e:32:ff:98:b4:2b:fa:5d:b2:3c:5b:df:3e:
23:b2:8a:1a:75:7e:8f:82:58:66:be:b3:3c:4a:1c:
2c:64:d0:3f:47:13:d0:5a:29:94:e2:97:dc:f2:d1:
06:c9:7e:54:b3:42:2e:15:b8:40:f3:94:d3:76:a1:
91:66:dd:40:29:c3:69:70:6d:5a:b7:6b:91:87:e8:
bb:cb:a5:7e:ec:a5:31:11:f3:04:ab:1a:ef:10:e6:
f1:bd:d9:76:42:6c:2e:bf:d9:91:39:1d:08:d7:b4:
18:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
IP Address:10.2.0.2, DNS:test.abc.com, email:user@test.abc.com
X509v3 Subject Key Identifier:
15:D1:F6:24:EB:6B:C0:26:19:58:88:91:8B:60:42:CE:BA:D5:4D:F3
X509v3 Authority Key Identifier:
keyid:B8:63:72:A4:5E:19:F3:B1:1D:71:E1:37:26:E1:46:39:01:B6:82:C
5
X509v3 CRL Distribution Points:
Full Name:
URI:file://\\vasp-e6000-127.china.huawei.com\CertEnroll\ca_roo
t.crl
URI:http://10.3.0.1:8080/certenroll/ca_root.crl
Authority Information Access:
CA Issuers - URI:http://vasp-e6000-127.china.huawei.com/CertEnro
ll/vasp-e6000-127.china.huawei.com_ca_root.crt
OCSP - URI:file://\\vasp-e6000-127.china.huawei.com\CertEnroll\v
asp-e6000-127.china.huawei.com_ca_root.crt
1.3.6.1.4.1.311.20.2:
.0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
1.3.6.1.5.5.8.2.2
Signature Algorithm: sha1WithRSAEncryption
d2:be:a8:52:6b:03:ce:89:f1:5b:49:d4:eb:2b:9f:fd:59:17:
d4:3c:f1:db:4f:1b:d1:12:ac:bf:ae:59:b4:13:1b:8a:20:d0:
52:6a:f8:a6:03:a6:72:06:41:d2:a7:7d:3f:51:64:9b:84:64:
cf:ec:4c:23:0a:f1:57:41:53:eb:f6:3a:44:92:f3:ec:bd:09:
75:db:02:42:ab:89:fa:c4:cd:cb:09:bf:83:1d:de:d5:4b:68:
8a:a6:5f:7a:e8:b3:34:d3:e8:ec:24:37:2b:bd:3d:09:ed:88:
d8:ed:a7:f8:66:aa:6f:b0:fe:44:92:d4:c9:29:21:1c:b3:7a:
65:51:32:50:5a:90:fa:ae:e1:19:5f:c8:63:8d:a8:e7:c6:89:
2e:6d:c8:5b:2c:0c:cd:41:48:bd:79:74:0e:b8:2f:48:69:df:
02:89:bb:b3:59:91:7f:6b:46:29:7e:22:05:8c:bb:6a:7e:f3:
11:5a:5f:fb:65:51:7d:35:ff:49:9e:ec:d1:2d:7e:73:e5:99:
c6:41:84:0c:50:11:ed:97:ed:15:de:11:22:73:a1:78:11:2e:
34:e6:f5:de:66:0c:ba:d5:32:af:b8:54:26:4f:5b:9e:89:89:
2a:3f:b8:96:27:00:c3:08:3a:e9:e8:a6:ce:4b:5a:e3:97:9e:
6b:dd:f0:72
Pki realm name: abc
Certificate file name: abc_local.cer
Certificate peer name: -
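After the certificate has been obtained successfully, run the display pki certificate ca command to view the contents of the CA certificate that has been loaded into memory.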
[Switch] display pki certificate ca realm abc
The x509 object type is certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:f0:1a:f3:67:21:44:9a:4a:eb:ec:63:75:5d:d7:5f
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ca_root
Validity
Not Before: Jun 4 14:58:17 2015 GMT
Not After : Jun 4 15:07:10 2020 GMT
Subject: CN=ca_root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:5f:2a:93:cb:66:18:59:8c:26:80:db:cd:73:
d5:68:92:1b:04:9d:cf:33:a2:73:64:3e:5f:fe:1a:
53:78:0e:3d:e1:99:14:aa:86:9b:c3:b8:33:ab:bb:
76:e9:82:f6:8f:05:cf:f6:83:8e:76:ca:ff:7d:f1:
bc:22:74:5e:8f:4c:22:05:78:d5:d6:48:8d:82:a7:
5d:e1:4c:a4:a9:98:ec:26:a1:21:07:42:e4:32:43:
ff:b6:a4:bd:5e:4d:df:8d:02:49:5d:aa:cc:62:6c:
34:ab:14:b0:f1:58:4a:40:20:ce:be:a5:7b:77:ce:
a4:1d:52:14:11:fe:2a:d0:ac:ac:16:95:78:34:34:
21:36:f2:c7:66:2a:14:31:28:dc:7f:7e:10:12:e5:
6b:29:9a:e8:fb:73:b1:62:aa:7e:bd:05:e5:c6:78:
6d:3c:08:4c:9c:3f:3b:e0:e9:f2:fd:cb:9a:d1:b7:
de:1e:84:f4:4a:7d:e2:ac:08:15:09:cb:ee:82:4b:
6b:bd:c6:68:da:7e:c8:29:78:13:26:e0:3c:6c:72:
39:c5:f8:ad:99:e4:c3:dd:16:b5:2d:7f:17:e4:fd:
e4:51:7a:e6:86:f0:e7:82:2f:55:d1:6f:08:cb:de:
84:da:ce:ef:b3:b1:d6:b3:c0:56:50:d5:76:4d:c7:
fb:75
Exponent: 65537 (0x10001)
X509v3 extensions:
1.3.6.1.4.1.311.20.2:
...C.A
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
B8:63:72:A4:5E:19:F3:B1:1D:71:E1:37:26:E1:46:39:01:B6:82:C5
X509v3 CRL Distribution Points:
Full Name:
URI:http://vasp-e6000-127.china.huawei.com/CertEnroll/ca_root.
crl
URI:file://\\vasp-e6000-127.china.huawei.com\CertEnroll\ca_roo
t.crl
1.3.6.1.4.1.311.21.1:
...
Signature Algorithm: sha1WithRSAEncryption
52:21:46:b8:67:c8:c3:4a:e7:f8:cd:e1:02:d4:24:a7:ce:50:
be:33:af:8a:49:47:67:43:f9:7f:79:88:9c:99:f5:87:c9:ff:
08:0f:f3:3b:de:f9:19:48:e5:43:0e:73:c7:0f:ef:96:ef:5a:
5f:44:76:02:43:83:95:c4:4e:06:5e:11:27:69:65:97:90:4f:
04:4a:1e:12:37:30:95:24:75:c6:a4:73:ee:9d:c2:de:ea:e9:
05:c0:a4:fb:39:ec:5c:13:29:69:78:33:ed:d0:18:37:6e:99:
bc:45:0e:a3:95:e9:2c:d8:50:fd:ca:c2:b3:5a:d8:45:82:6e:
ec:cc:12:a2:35:f2:43:a5:ca:48:61:93:b9:6e:fe:7c:ac:41:
bf:88:70:57:fc:bb:66:29:ae:73:9c:95:b9:bb:1d:16:f7:b4:
6a:da:03:df:56:cf:c7:c7:8c:a9:19:23:61:5b:66:22:6f:7e:
1d:26:92:69:53:c8:c6:0e:b3:00:ff:54:77:5e:8a:b5:07:54:
fd:18:39:0a:03:ac:1d:9f:1f:a1:eb:b9:f8:0d:21:25:36:d5:
06:de:33:fa:7b:c8:e9:60:f3:76:83:bf:63:c6:dc:c1:2c:e4:
58:b9:cb:48:15:d2:a8:fa:42:72:15:43:ef:55:63:39:58:77:
e8:ae:0f:34
Pki realm name: abc
Certificate file name: abc_ca.cer
Certificate peer name: -
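Once automatic certificate update is configured, the system sends a certificate update request to the SCEP server when it detects that the time has passed the configured 60% of the current certificate's validity period.
Because the regenerate parameter was selected when the auto-enroll command was configured, the system generates a new RSA key pair to request the new certificate during the update.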
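The following Python example is added here and is not part of the original documentation or of the device software. It parses the fields of the display pki certificate local output shown above, computes the point at which 60% of the validity period has elapsed, and flags the sha1WithRSAEncryption signature for review. The function names are hypothetical, and treating the threshold as an exact instant is an assumption about how the device evaluates it.

```python
import re
from datetime import datetime

# Added example: helper names are illustrative, not a Huawei API.
# Abridged from the local-certificate output above (hex fields omitted).
SAMPLE = """\
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ca_root
Not Before: Dec 21 11:46:10 2015 GMT
Not After : Dec 21 11:56:10 2016 GMT
Subject: C=CN, ST=jiangsu, O=huawei, OU=info, CN=hello
Public-Key: (2048 bit)
X509v3 Basic Constraints: critical
CA:FALSE
"""

DATE_FMT = "%b %d %H:%M:%S %Y GMT"
WEAK_SIG = ("md5", "sha1")  # hash families no longer suitable for signatures

def _field(text, pattern):
    m = re.search(pattern, text, re.MULTILINE)
    if not m:
        raise ValueError(f"field not found: {pattern}")
    return m.group(1).strip()

def parse_cert(text):
    # Pull out only what the renewal and strength checks need.
    return {
        "not_before": datetime.strptime(_field(text, r"^\s*Not Before\s*:\s*(.+)$"), DATE_FMT),
        "not_after": datetime.strptime(_field(text, r"^\s*Not After\s*:\s*(.+)$"), DATE_FMT),
        "sig_alg": _field(text, r"^\s*Signature Algorithm:\s*(\S+)"),
        "key_bits": int(_field(text, r"Public-Key:\s*\((\d+) bit\)")),
        "is_ca": _field(text, r"^\s*CA:(TRUE|FALSE)") == "TRUE",
    }

def renewal_time(cert, percent=60):
    # Instant at which `percent` of the validity period has elapsed (GMT).
    lifetime = cert["not_after"] - cert["not_before"]
    return cert["not_before"] + lifetime * percent // 100

def findings(cert, min_rsa_bits=2048):
    out = []
    if cert["sig_alg"].lower().startswith(WEAK_SIG):
        out.append(f"weak signature algorithm: {cert['sig_alg']}")
    if cert["key_bits"] < min_rsa_bits:
        out.append(f"RSA key below {min_rsa_bits} bits")
    return out
```

For the local certificate above, the 60% point falls on 28 July 2016 at 02:16:10 GMT, so an update request to the SCEP server would be expected in logs from then on.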