The display pki certificate command displays the content of CA, local, OCSP, and SSL decryption certificates on LPUs.
display pki certificate { ca | local } [ realm realm-name ] logic-spu [ process-name auth ]
display pki certificate ocsp [ realm realm-name ] logic-spu
display pki certificate built-in-ca logic-spu
display pki certificate { ca | local } [ realm realm-name ] slot slot-id cpu cpu-id [ process-name auth ]
display pki certificate ocsp [ realm realm-name ] slot slot-id cpu cpu-id
display pki certificate built-in-ca slot slot-id cpu cpu-id
| Parameter | Description | Value |
|---|---|---|
ca |
Displays information about the CA certificate. |
- |
local |
Displays information about the local certificate. |
- |
ocsp |
Displays information about the OCSP certificate. |
- |
built-in-ca |
Displays information about the SSL certificate. |
- |
realm realm-name |
Displays information about the certificates in the specified PKI realm. |
The PKI realm name must already exist. |
logic-spu |
Specifies the logic CPU. |
- |
slot slot-id |
Specifies the slot ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. |
The value is an integer and depends on the device configuration. |
cpu cpu-id |
Specifies the CPU ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. |
The value is an integer and depends on the device configuration. |
process-name auth |
Specifies the auth process. |
- |
# Display CA certificates on LPUs.
<sysname> display pki certificate ca logic-spu
The x509 object type is certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ca
Validity
Not Before: Nov 10 11:44:00 2014 GMT
Not After : Nov 10 11:44:00 2024 GMT
Subject: CN=ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:e4:d0:dc:4a:85:01:79:7a:7e:fa:3c:8a:5a:b8:
63:54:41:7b:c3:45:0d:10:bc:08:53:f9:32:5e:c9:
68:90:64:5d:87:63:3f:13:23:3e:3f:09:47:c3:d8:
b7:b8:0f:cf:38:2b:b8:ad:1c:27:71:1d:6a:0c:3a:
2f:25:18:b3:00:f3:25:f1:89:2c:b2:e7:fe:5b:55:
c8:cc:c2:a7:85:d9:c3:dc:03:84:8a:ea:c9:6a:4a:
e4:c2:07:ea:8c:cb:3c:31:a5:3e:6c:c7:f4:67:2d:
6b:fc:31:6b:77:c4:65:f6:af:2e:06:5a:bc:ab:fb:
53:10:57:b1:35:96:68:56:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
D5:42:59:F3:8F:04:0C:C9:81:1C:E9:54:1A:71:B4:D4:85:E1:7F:79
X509v3 Key Usage:
Certificate Sign, CRL Sign
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
Netscape Comment:
xca certificate
Signature Algorithm: sha1WithRSAEncryption
db:d3:4f:ec:4f:0b:86:e3:21:1f:1e:87:77:c8:56:e9:27:86:
10:6a:8a:52:0e:52:e7:54:99:15:27:ed:fa:b5:70:fb:66:b2:
fe:73:72:8d:4b:22:69:14:f7:be:0d:ac:c9:ce:5a:be:f2:fb:
6c:90:9d:58:1c:94:a5:4e:11:4b:29:3d:cd:d5:b9:87:2a:c4:
05:4b:33:fc:93:51:4f:f7:bf:eb:06:07:e0:ac:67:01:80:2a:
b2:d6:6c:c0:ed:c0:3e:70:1b:9c:3c:93:30:1c:95:34:fc:40:
95:eb:d1:59:12:83:1e:44:cc:23:15:98:c5:ba:7b:2d:f7:2a:
ed:f4
Pki realm name: -
Certificate file name: ca.crt
Certificate peer name: -
Item
|
Description |
|---|---|
Certificate |
Information about a certificate. |
Data |
Data of a certificate. |
Version |
Version of a certificate. |
Serial Number |
Serial number of a certificate. |
Signature Algorithm |
Signature algorithm of a certificate. |
Issuer |
Issuer of a certificate. |
Validity |
Validity period of a certificate. |
Subject |
Subject of a certificate. |
Subject Public Key Info |
Information about the public key of a certificate. |
Public Key Algorithm |
Public key algorithm. |
Public-Key |
RSA public key. |
Modulus |
Key modulus. |
Exponent |
Key exponent. |
X509v3 extensions |
X.509v3 certificate extensions. |
X509v3 Basic Constraints |
Basic constraints. |
CA |
Whether the CA can be trusted. |
X509v3 Subject Key Identifier |
Identifier of a subject key. |
X509v3 Key Usage |
X.509v3 key use. |
Netscape Cert Type |
Netscape certificate type. |
Netscape Comment |
Netscape Comment. |
Signature Algorithm |
Signature algorithm. |
Pki realm name |
PKI realm name. |
Certificate file name |
Certificate file name. |
Certificate peer name |
Certificate peer name. |