Manually submitting an online certificate request

About manual online certificate request mode

In manual request mode, you must execute the pki request-certificate domain command to request a local certificate in a PKI domain. The certificate will be saved in the domain after it is obtained from the CA.

Procedure

  1. Enter system view.

    system-view

  2. Enter PKI domain view.

    pki domain domain-name

  3. Set the certificate request mode to manual.

    certificate request mode manual

    By default, the manual request mode applies.

  4. Return to system view.

    quit

  5. Obtain a CA certificate.

    See "Obtaining certificates."

    This step is required if the PKI domain does not have a CA certificate. The CA certificate is used to verify the authenticity and validity of the obtained local certificate.

  6. Manually submit an SCEP certificate request.

    pki request-certificate domain domain-name [ password password ]

    This command is not saved in the configuration file.

    If the CA policy requires a password for certificate revocation, specify the password in this command.