1840 CHAPTER 97: PKI C ONFIGURATIONDisplaying andMaintaining PKIPKI ConfigurationExamplesc CAUTION:■ The SCEP plug-in is required when you use the Windows Server as the CA. Inthis case, when configuring the PKI domain, you need to use the certificaterequest from ra command to specify that the entity requests a certificatefrom an RA.■ The SCEP plug-in is not required when RSA Keon is used. In this case, whenconfiguring a PKI domain, you need to use the certificate request from cacommand to specify that the entity requests a certificate from a CA.Configuring a PKI Entityto Request a Certificatefrom a CAn RSA Keon is used on the CA server in this configuration example.Network requirements■ The device submits a local certificate request to the CA server;■ The device acquires CRLs for certificate validation.Network diagramFigure 533 Diagram for configuring a PKI entity to request a certificate from a CATo do... Use the command... RemarksDisplay the contents of acertificate or the status ofcertificate requestdisplay pki certificate { { ca | local }domain domain-name | request-status }Available in anyviewDisplay CRs display pki crl domain domain-name Available in anyviewDisplay the information ofone or all certificate attributegroupsdisplay pki certificate attribute-group{ group-name | all }Available in anyviewDisplay the information ofone or all certificateattribute-based access controlpoliciesdisplay pki certificateaccess-control-policy { policy-name | all }Available in anyview