< Home

signature-certificate

Function

The signature-certificate command configures a PKI signature realm for an IKE peer.

The undo signature-certificate command deletes the PKI signature realm configured for an IKE peer.

Format

signature-certificate pki realm realm-name

undo signature-certificate pki realm

Parameters

Parameter Description Value

realm realm-name

Specifies a PKI signature realm.

The value must be the name of an existing PKI signature realm.

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

In SM2 digital envelope authentication scenarios, you need to configure the PKI signature realm to which the signature certificate belongs on the IKE peer.

The signature certificate used for SM2 digital envelope authentication must be imported to the device using the pki import-certificate local realm realm-name { der | pkcs12 | pem } filename filename no-check-same-name command. The no-check-same-name parameter allows the device to import the encryption certificate and signature certificate with the same issuer and subject names. In addition, the CA certificate used by both the encryption certificate and signature certificate must be imported to the signature realm.

Example

# Configure PKI signature realm realm_1 for IKE peer peer1.

<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] signature-certificate pki realm realm_1
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >