A device needs to communicate with the CA server to obtain and verify certificates. When the server is in a VPN, add a PKI realm to the VPN.
The system view is displayed.
A PKI realm is created and the PKI realm view is displayed, or the view of an existing PKI realm is displayed.
By default, there is a PKI realm named default in the root system, and this realm can be modified but cannot be deleted; no PKI realm is created in a virtual system.
A PKI realm is valid only on the local device and unavailable to CAs or other devices. Each PKI realm has its own parameters.
The PKI realm is added to the specified VPN.
By default, a PKI realm does not belong to any VPN.
The vpn-instance-name parameter is set using the ip vpn-instance command.
The system view is displayed.
A CMP session is created and the CMP session view is displayed, or the view of an existing CMP session is displayed.
By default, no CMP session is created.
A CMP session is valid only on the local device and is unavailable to CAs and other devices.
A PKI is added to a specified VPN.
By default, a PKI does not belong to any VPN.
The vpn-instance-name parameter is set using the ip vpn-instance command.
You can specify the public parameter only in the CMP session view of a virtual system. After this parameter is specified, the root system forwards the VPN service in the virtual system.