Monitoring and Clearing Digital Certificates

Monitoring Digital Certificates

Purpose

You can issue various forms of the show security pki command to view digital certificates, certificate requests, and certificate revocation lists.

Action

  • To display the CA digital certificate, issue the show security pki ca-certificate ca-profile ca-profile-name command.

  • To display the local digital certificate and the public key used to enroll the certificate, issue the show security pki local-certificate certificate-id certificate-id-name command.

  • To display the local certificate request in PKCS-10 format, issue the show security pki certificate-request certificate-id certificate-id-name command.

  • You can also view which digital certificates are used in IKE negotiations to establish tunnels by issuing the show services ipsec-vpn certificates command.

  • To display the certificate revocation list, issue the show security pki crl ca-profile ca-profile-name command.

  • To determine if a certificate is enabled for automatic-reenrollment, issue the show security pki command.

Clearing Digital Certificates

Purpose

Variations of the clear security pki command enable you to delete certificates, certificate requests, and certificate revocation lists.

Action

  • To delete the CA digital certificate, issue the clear security pki ca-certificate ca-profile ca-profile-name command.

  • To delete the local digital certificate and the associated private/public key pair, issue the clear security pki local-certificate certificate-id certificate-id-name command.

  • To delete the local certificate request, issue the clear security pki certificate-request certificate-id certificate-id-name command.

  • To clear the digital certificates that were used in IKE negotiations to establish tunnels, issue the clear services ipsec-vpn certificates command.

  • To delete the certificate revocation list, issue the clear security pki crl ca-profile ca-profile-name command.