Profile specific—TA profile
Two forms of output are available for this command, summary and detailed. If no argument is provided, a brief about all profiles is printed as shown below.
Show profile specific
Show Trust Anchor profile specific details.
Syntax
Example
Profile Name Status -------------------- -------------- --------------------------------- HP Procurve Root Certificate Installed Microsoft_Inc Pending Root Certificate Installation
NOTE: This command is not available on the web UI. | |
Example
If a TA profile name is specified as an argument, the Trust Anchor details for the specified TA profile name is displayed.
Profile Name Status -------------------- ----------------------------------------------- HP Procurve 3 certificates installed Trust Anchor: <print_cert for Trust Anchor>
The output format for the TA certificate is same as the format for “Certificate details” above. The “Status” field lists the total number of certificates, including intermediates and local, that references this trust anchor. Intermediate certificates are shown with local certificates, as certificates under an anchor form a tree not a list.
NOTE: This command is not available on the web UI. | |
Certificate details
Show the configured switch identity.
Syntax
(Switch_Name#) show crypto pki
<identity-profile>
Definitions
Example
Sample output: Switch Identity: Common Name (CN) : <max 90 chars> Org Unit (OU) : <max 100 chars> Org Name (O) : <max 100 chars> Locality (L) : <max 100 chars> State (ST) : <max 100 chars> Country (C) : <max 2 chars>
NOTE: Blank fields display as empty, except for
Common Name
. SinceCommon Name
is a required field, it displays asnot configured
when empty.This command is not available with the web UI. If configured, the ID profile is displayed in the Web UI.
Display PKI certificate
Syntax
Example
<Sysname> display pki certificate local Certificate: Data: Version: 3 (0x2) Serial Number: 10B7D4E3 00010000 0086… Issuer: emailAddress=myca@aabbcc.net C=CN ST=Country A L=City X O=abc OU=bjs CN=new-ca Validity Not Before: Jan 13 08:57:21 2004 GMT Not After : Jan 20 09:07:21 2005 GMT Subject: C=CN ST=Country B L=City Y CN=PKI test Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (512 bit) Modulus (512 bit): 00D41D1F … Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS: hyf.xxyyzz.net X509v3 CRL Distribution Points: URI:ldap://1.1.1.1:447/myca.crl … … Signature Algorithm: md5WithRSAEncryption A3A5A447 4D08387D …
All data needed to display the certificate as shown above comes from the certificate so is available. Note that the X509 extension display values will change depending on what extensions are present in the certificate. When no extensions are present, the “X509v3 extensions:” line is not present.
NOTE: The X509 extension display values change depending on what extensions are present in the certificate. When no extensions are present, the “X509v3 extensions:” line is not present. | |