< Home

encryption-certificate

Function

The encryption-certificate command configures a PKI encryption realm for an IKE peer.

The undo encryption-certificate command deletes the PKI encryption realm configured for an IKE peer.

Format

encryption-certificate pki realm realm-name

undo encryption-certificate pki realm

Parameters

Parameter Description Value

realm realm-name

Specifies a PKI encryption realm.

The value must be the name of an existing PKI encryption realm.

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

In SM2 digital envelope authentication scenarios, you need to configure the PKI encryption realm to which the encryption certificate belongs on the IKE peer.

The encryption certificate used for SM2 digital envelope authentication must be imported to the device using the pki import-certificate local realm realm-name { der | pkcs12 | pem } filename filename no-check-same-name command. The no-check-same-name parameter allows the device to import the encryption certificate and signature certificate with the same issuer and subject names.

Example

# Configure PKI encryption realm realm_1 for IKE peer peer1.

<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] encryption-certificate pki realm realm_1
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >