The display pki certificate built-in-ca command displays the content of the SSL decryption certificate uploaded on the device.
This command shows information about the SSL decryption certificate, including signature algorithm, issuer, validity period, subject, subject public key, PKI realm name, and certificate file name.
# Display information about the SSL decryption certificate built-in-ca.
<sysname> display pki certificate built-in-ca
The x509 object type is certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f2:1c:74:f0:df:e0:2f:c6
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CN, ST=Jiangsu, L=Beijing, O=org1, OU=Group1,Sale, CN=huawei
Validity
Not Before: Oct 23 23:44:55 2015 GMT
Not After : Oct 13 23:44:55 2055 GMT
Subject: C=CN, ST=Jiangsu, L=Beijing, O=org1, OU=Group1,Sale, CN=huawei
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b1:63:50:17:73:de:cc:9e:2b:41:fe:0e:58:28:
47:b7:ce:6b:77:5c:29:b1:3e:cf:d3:e0:53:63:1e:
21:cc:f6:11:34:7c:eb:8a:d7:08:b5:96:c4:0b:4a:
4d:33:6c:77:23:21:51:bb:10:d6:7d:d3:82:a0:6a:
f5:f6:8d:17:e0:f2:73:99:7b:c7:89:c8:fc:61:42:
0b:a5:d7:1a:11:47:ed:e1:5f:60:a6:c5:93:f0:07:
3f:73:fe:80:16:98:02:23:df:ab:04:85:13:25:32:
61:69:e8:f3:ab:a0:d8:e9:41:f8:c2:5f:14:9e:b7:
3b:49:1d:48:b4:b2:8d:bf:b9:00:ee:25:5d:7a:11:
a6:d3:23:61:99:ad:0f:54:be:00:a1:58:dd:d2:91:
ad:5c:6f:9d:d0:8c:e0:6f:a3:4e:df:ba:fd:b1:e3:
6f:1b:b3:1f:e6:42:91:1c:1a:4f:a3:a7:0e:3c:2c:
4c:f9:18:1f:9d:22:f8:09:da:ff:a7:7c:b8:77:20:
19:8a:90:d0:00:21:e4:1f:41:cc:f0:0c:ba:8f:23:
c3:9f:f9:ae:d8:49:95:be:75:49:7d:d7:d0:ce:3c:
28:27:e9:11:02:4d:c0:1a:d0:f7:38:7f:94:f8:9c:
9d:78:71:43:50:d3:05:01:07:18:f4:2f:c5:ec:96:
5d:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
IP Address:10.1.1.1, DNS:example.com, email:test@example.com
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
3F:D2:BC:62:6B:F5:10:29:C4:59:9D:B9:71:A7:EB:B1:C4:16:91:9F
Netscape Cert Type:
SSL CA
Netscape Comment:
example comment extension
Signature Algorithm: sha1WithRSAEncryption
89:d5:47:31:23:c3:f9:df:fd:96:c5:38:fb:1e:b5:52:00:bd:
21:fd:f0:18:af:8e:e8:01:b7:e6:b3:a1:0e:51:4b:61:4d:d5:
52:1e:60:60:6a:67:9f:82:90:e3:1d:97:36:8f:c4:30:20:f4:
14:58:4c:78:61:3c:4a:d4:0f:98:a9:05:e0:b5:cb:6a:78:eb:
c6:40:9d:00:7b:31:8d:0e:21:72:db:31:34:83:5d:e5:42:98:
85:09:6d:1e:c5:23:ce:e3:72:46:67:79:4b:1b:18:ba:cb:5e:
ba:08:ee:0e:24:e5:58:07:0c:2e:b8:cf:e6:6b:09:67:76:80:
e5:0e:66:a2:cb:3a:a1:bc:56:27:1c:1b:fd:5a:b5:ad:9f:a4:
32:2b:32:3e:9a:9d:f5:04:ee:e5:e1:1c:76:8a:c2:45:f1:3e:
8c:da:ab:f6:cf:82:d0:b3:4c:91:7a:c8:ad:b5:2c:28:54:e0:
79:40:b6:b5:f1:6f:92:23:4d:94:8b:20:0d:92:86:43:98:17:
d5:9b:b0:7f:99:f2:f1:df:0f:d3:f2:5c:9d:35:bc:64:25:13:
39:62:ba:98:cb:cc:6a:08:fc:2c:86:2e:2e:91:80:8b:3e:27:
14:f7:45:fe:9f:f8:1a:87:05:c9:21:c3:61:d1:69:82:e3:05:
5c:44:c5:82
Pki realm name: -
Certificate file name: buzzcer
Certificate peer name: -
Item
|
Description |
|---|---|
| The x509 object type is certificate | X.509 object type is certificate. |
| Certificate | Information about a certificate. |
| Data | Data of a certificate. |
| Version | Version of a certificate. |
| Serial Number | Serial number of a certificate. |
| Signature Algorithm | Signature algorithm of a certificate. |
| Issuer | Issuer of a certificate. |
| Validity | Validity period of a certificate. |
| Subject | Certificate subject. The subject includes the following attributes:
|
| Subject Public Key Info | Information about the public key of a certificate. |
| Public Key Algorithm | Public key algorithm. It is configured using the pki rsa local-key-pair create command. |
| Public-Key | RSA public key. |
| Modulus | Key modulus. |
| Exponent | Key exponent. |
| X509v3 extensions | X.509v3 certificate extensions. |
| X509v3 Subject Alternative Name | Alternative name of the X.509v3 subject. |
| IP Address | IP address of the PKI entity. It is configured using the ip-address command. |
| DNS | DNS name of a PKI entity. It is configured using the fqdn command. |
Email address of a PKI entity. It is configured using the email command. |
|
| X509v3 Basic Constraints | Basic constraints. |
| CA | Whether the CA can be trusted. |
| X509v3 Key Usage | X.509v3 key use. |
| X509v3 Subject Key Identifier | Identifier of an X.509v3 subject key. |
| Netscape Cert Type | Netscape certificate type. |
| Netscape Comment | Netscape comment. |
| Signature Algorithm | Signature algorithm. |
| Pki realm name | PKI realm name. It is configured using the pki realm (system view) command. |
| Certificate file name | Name of a certificate file. It is configured using the pki generate built-in-ca certificate command. |
| Certificate peer name | Name of a certificate peer. It is configured using the pki import-certificate peer command. |