display pki certificate

Syntax

display pki certificate { { ca | local } domain domain-name | request-status } [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

ca: Displays the CA certificate.

local: Displays the local certificate.

domain-name: Name of the PKI domain, a string of 1 to 15 characters.

request-status: Displays the status of a certificate request.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display pki certificate to display the contents or request status of a certificate.

Related commands: certificate request polling, pki domain, and pki retrieval-certificate.

Examples

# Display the local certificate.

<Sysname> display pki certificate local domain 1
Certificate:
    Data: 
        Version: 3 (0x2)
        Serial Number: 
            10B7D4E3 00010000 0086
        Signature Algorithm: md5WithRSAEncryption
        Issuer: 
            emailAddress=myca@aabbcc.net
            C=CN
            ST=Country A
            L=City X
            O=abc
            OU=bjs
            CN=new-ca
        Validity
            Not Before: Jan 13 08:57:21 2012 GMT
            Not After : Jan 20 09:07:21 2012 GMT
        Subject: 
            C=CN
            ST=Country B
            L=City Y
            CN=pki test
        Subject Public Key Info: 
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit): 
                    00D41D1F …
                Exponent: 65537 (0x10001)
        X509v3 extensions: 
            X509v3 Subject Alternative Name: 
            DNS: hyf.xxyyzz.net
            X509v3 CRL Distribution Points:
            URI:http://1.1.1.1:447/myca.crl
            …          …
    Signature Algorithm: md5WithRSAEncryption
        A3A5A447 4D08387D …

Table 35: Command output

Field	Description
Version	Version of the certificate
Serial Number	Serial number of the certificate
Signature Algorithm	Signature algorithm
Issuer	Issuer of the certificate
Validity	Validity period of the certificate
Subject	Entity holding the certificate
Subject Public Key Info	Public key information of the entity
X509v3 extensions	Extensions of the X.509 (version 3) certificate
X509v3 CRL Distribution Points	Distribution points of X.509 (version 3) CRLs

prev	up	next
crl url	home	display pki certificate access-control-policy