Profile specific—TA profile

Two forms of output are available for this command, summary and detailed. If no argument is provided, a brief about all profiles is printed as shown below.

Show profile specific

Show Trust Anchor profile specific details.

Syntax

(Switch_Name#)show crypto pki ta-profile [ta-profile-name]

ta-certificate

Copy a Trust Anchor certificate to the device.

ta-profile-name

Trust Anchor Profile for the certificate.

Example

   Profile Name         Status
-------------------- -------------- ---------------------------------
 HP Procurve          Root Certificate Installed
 Microsoft_Inc        Pending Root Certificate Installation

[NOTE: ]

NOTE: This command is not available on the web UI.


Example

If a TA profile name is specified as an argument, the Trust Anchor details for the specified TA profile name is displayed.

Profile Name          Status
--------------------  -----------------------------------------------
HP Procurve           3 certificates installed

Trust Anchor: <print_cert for Trust Anchor>

The output format for the TA certificate is same as the format for “Certificate details” above. The “Status” field lists the total number of certificates, including intermediates and local, that references this trust anchor. Intermediate certificates are shown with local certificates, as certificates under an anchor form a tree not a list.


[NOTE: ]

NOTE: This command is not available on the web UI.


Certificate details

Show the configured switch identity.

Syntax

(Switch_Name#) show crypto pki <identity-profile>

Definitions

identity-profile

Displays the configured Id profile related information.

Example

Sample output:
Switch Identity:
Common Name (CN) : <max 90 chars>
Org Unit (OU)    : <max 100 chars>
Org Name (O)     : <max 100 chars>
Locality (L)     : <max 100 chars>
State (ST)       : <max 100 chars>
Country (C)      : <max 2 chars>

[NOTE: ]

NOTE: Blank fields display as empty, except for Common Name. Since Common Name is a required field, it displays as not configured when empty.

This command is not available with the web UI. If configured, the ID profile is displayed in the Web UI.


Display PKI certificate

Syntax

display pki certificate <ca|local>

Definitions

pki

Display PKI information.

certificate

Display certificate configuration information.

ca

CA certificate.

local

Local certificate.

Example

<Sysname> display pki certificate local
Certificate:
  Data:
   Version: 3 (0x2)
   Serial Number: 10B7D4E3 00010000 0086…
  Issuer:
   emailAddress=myca@aabbcc.net
   C=CN
   ST=Country A
   L=City X
   O=abc
   OU=bjs
   CN=new-ca
Validity
   Not Before:  Jan 13 08:57:21 2004 GMT
   Not After :  Jan 20 09:07:21 2005 GMT
Subject:
   C=CN
   ST=Country B
   L=City Y
   CN=PKI test
Subject Public Key Info:
   Public Key Algorithm:  rsaEncryption
   RSA Public Key:  (512 bit)
   Modulus (512 bit):
    00D41D1F …
    Exponent:  65537 (0x10001)
   X509v3 extensions:
    X509v3 Subject Alternative Name:
    DNS: hyf.xxyyzz.net
   X509v3 CRL Distribution Points: URI:ldap://1.1.1.1:447/myca.crl
…          …
Signature Algorithm:  md5WithRSAEncryption
A3A5A447 4D08387D …

All data needed to display the certificate as shown above comes from the certificate so is available. Note that the X509 extension display values will change depending on what extensions are present in the certificate. When no extensions are present, the “X509v3 extensions:” line is not present.


[NOTE: ]

NOTE: The X509 extension display values change depending on what extensions are present in the certificate. When no extensions are present, the “X509v3 extensions:” line is not present.