display pki certificate (all views)
Function
The display pki certificate command displays the content about the CA or local certificate loaded to the device and OCSP server certificate.
Format
display pki certificate { ca | local | ocsp } [ realm realm-name | filename file-name ]
display pki certificate default ca [ key-pair-type { rsa | sm2 } ]
display pki certificate default local [ key-pair-type { rsa | sm2 { encipher | signature } } ]
Parameters
| Parameter | Description | Value |
|---|---|---|
ca |
Displays content about the CA certificate. |
- |
local |
Displays content about the local certificate. |
- |
ocsp |
Displays content about the Online Certificate Status Protocol (OCSP) server's certificate. |
- |
realm realm-name |
Specifies the PKI realm name of a certificate to be checked. |
The PKI realm name must already exist. |
filename file-name |
Specifies the name of a certificate file. |
The value must be an existing certificate file name. |
default |
Specifies the content of the default built-in certificate. |
- |
key-pair-type |
Specifies the key pair type. |
- |
rsa |
Sets the key pair type to RSA. |
- |
sm2 |
Sets the key pair type to SM2. |
- |
encipher |
Displays SM2 encrypted certificates. |
- |
signature |
Displays SM2 signature certificates. |
- |
Usage Guidelines
This command shows information about the CA certificate, local certificate, and OCSP server's certificate, including signature algorithm, issuer, validity period, subject, and subject public key.
When you display the internal CA or local certificate on virtual system, the internal certificate of the root system is displayed.
Example
# Display information about the CA certificate.
<sysname> display pki certificate ca realm abc
The x509 object type is certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:f0:1a:f3:67:21:44:9a:4a:eb:ec:63:75:5d:d7:5f
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ca_root
Validity
Not Before: Jun 4 14:58:17 2015 GMT
Not After : Jun 4 15:07:10 2020 GMT
Subject: CN=ca_root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:5f:2a:93:cb:66:18:59:8c:26:80:db:cd:73:
d5:68:92:1b:04:9d:cf:33:a2:73:64:3e:5f:fe:1a:
53:78:0e:3d:e1:99:14:aa:86:9b:c3:b8:33:ab:bb:
76:e9:82:f6:8f:05:cf:f6:83:8e:76:ca:ff:7d:f1:
bc:22:74:5e:8f:4c:22:05:78:d5:d6:48:8d:82:a7:
5d:e1:4c:a4:a9:98:ec:26:a1:21:07:42:e4:32:43:
ff:b6:a4:bd:5e:4d:df:8d:02:49:5d:aa:cc:62:6c:
34:ab:14:b0:f1:58:4a:40:20:ce:be:a5:7b:77:ce:
a4:1d:52:14:11:fe:2a:d0:ac:ac:16:95:78:34:34:
21:36:f2:c7:66:2a:14:31:28:dc:7f:7e:10:12:e5:
6b:29:9a:e8:fb:73:b1:62:aa:7e:bd:05:e5:c6:78:
6d:3c:08:4c:9c:3f:3b:e0:e9:f2:fd:cb:9a:d1:b7:
de:1e:84:f4:4a:7d:e2:ac:08:15:09:cb:ee:82:4b:
6b:bd:c6:68:da:7e:c8:29:78:13:26:e0:3c:6c:72:
39:c5:f8:ad:99:e4:c3:dd:16:b5:2d:7f:17:e4:fd:
e4:51:7a:e6:86:f0:e7:82:2f:55:d1:6f:08:cb:de:
84:da:ce:ef:b3:b1:d6:b3:c0:56:50:d5:76:4d:c7:
fb:75
Exponent: 65537 (0x10001)
X509v3 extensions:
1.3.6.1.4.1.311.20.2:
...C.A
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
B8:63:72:A4:5E:19:F3:B1:1D:71:E1:37:26:E1:46:39:01:B6:82:C5
X509v3 CRL Distribution Points:
Full Name:
URI:http://vasp-e6000-127.china.huawei.com/CertEnroll/ca_root.
crl
URI:file://\\vasp-e6000-127.china.huawei.com\CertEnroll\ca_roo
t.crl
1.3.6.1.4.1.311.21.1:
...
Signature Algorithm: sha1WithRSAEncryption
52:21:46:b8:67:c8:c3:4a:e7:f8:cd:e1:02:d4:24:a7:ce:50:
be:33:af:8a:49:47:67:43:f9:7f:79:88:9c:99:f5:87:c9:ff:
08:0f:f3:3b:de:f9:19:48:e5:43:0e:73:c7:0f:ef:96:ef:5a:
5f:44:76:02:43:83:95:c4:4e:06:5e:11:27:69:65:97:90:4f:
04:4a:1e:12:37:30:95:24:75:c6:a4:73:ee:9d:c2:de:ea:e9:
05:c0:a4:fb:39:ec:5c:13:29:69:78:33:ed:d0:18:37:6e:99:
bc:45:0e:a3:95:e9:2c:d8:50:fd:ca:c2:b3:5a:d8:45:82:6e:
ec:cc:12:a2:35:f2:43:a5:ca:48:61:93:b9:6e:fe:7c:ac:41:
bf:88:70:57:fc:bb:66:29:ae:73:9c:95:b9:bb:1d:16:f7:b4:
6a:da:03:df:56:cf:c7:c7:8c:a9:19:23:61:5b:66:22:6f:7e:
1d:26:92:69:53:c8:c6:0e:b3:00:ff:54:77:5e:8a:b5:07:54:
fd:18:39:0a:03:ac:1d:9f:1f:a1:eb:b9:f8:0d:21:25:36:d5:
06:de:33:fa:7b:c8:e9:60:f3:76:83:bf:63:c6:dc:c1:2c:e4:
58:b9:cb:48:15:d2:a8:fa:42:72:15:43:ef:55:63:39:58:77:
e8:ae:0f:34
Pki realm name: abc
Certificate file name: abc_ca.cer
Certificate peer name: -
<sysname> display pki certificate default ca key-pair-type sm2
The x509 object type is certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:e7:06:6e:9f:fe:b7:01
Signature Algorithm: sm3WithSM2Encryption
Issuer: C=CN, ST=JS, L=NJ, O=HW, OU=VPN, CN=SM2-CA-210235G7G410FB000060
Validity
Not Before: Mar 22 10:32:03 2019 GMT
Not After : Mar 19 10:32:03 2029 GMT
Subject: C=CN, ST=JS, L=NJ, O=HW, OU=VPN, CN=SM2-CA-210235G7G410FB000060
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:ca:67:05:11:b7:f6:00:46:1c:1c:2c:a0:9b:91:
14:85:e1:47:fd:00:0c:d7:02:86:89:95:14:24:17:
69:3b:2d:df:08:c5:a5:87:68:c7:8a:d4:b6:c8:88:
97:91:a7:77:bf:0f:35:22:a9:0f:aa:3f:9e:7a:a2:
d7:5a:32:50:aa
ASN1 OID: SM2
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
DC:64:85:85:41:A7:0A:5B:E9:FE:11:50:3F:50:2F:69:52:40:6E:F5
Netscape Cert Type:
SSL CA
Signature Algorithm: sm3WithSM2Encryption
30:45:02:21:00:af:c1:18:a9:70:57:26:9c:73:04:d9:cc:fb:
44:1f:55:bf:8e:5f:1d:bc:73:19:62:08:65:50:b7:cb:fa:ab:
4b:02:20:7e:eb:ba:a6:38:f0:37:e9:20:13:2d:e7:79:3e:f9:
22:0c:a0:85:1e:1b:0f:8a:26:c5:84:f9:fb:4a:ab:f0:8d
Item
|
Description |
|---|---|
The x509 object type is certificate |
X.509 object type is certificate. |
Certificate |
Information about a certificate. |
Data |
Data of a certificate. |
Version |
Version of a certificate. |
Serial Number |
Serial number of a certificate. |
Signature Algorithm |
Signature algorithm of a certificate. |
Issuer |
Issuer of a certificate. |
Validity |
Validity period of a certificate. |
Subject |
Subject of a certificate. The subject includes the following attributes:
|
Subject Public Key Info |
Information about the public key of a certificate. |
Public Key Algorithm |
Public key algorithm. |
Public-Key |
Public key. |
Modulus |
Key modulus. |
Exponent |
Key exponent. |
X509v3 extensions |
X.509v3 certificate extensions. |
X509v3 Key Usage |
X509v3 key usage. |
X509v3 Basic Constraints |
Basic constraints. |
CA |
Whether the CA can be trusted. |
X509v3 Subject Key Identifier |
Identifier of a subject key. |
Full Name |
Full name of CRL. |
Pki realm name |
PKI realm name. |
Certificate file name |
Certificate file name. |
Certificate peer name |
Certificate peer name. |
pub |
Public key. |
ASN1 OID |
Elliptic curve group. |
Netscape Cert Type |
Netscape certificate type. |