1-7To do… Use the command… RemarksSpecify the authority for certificaterequest certificate request from { ca | ra } RequiredNo authority is specified by default.Configure the URL of the server forcertificate request certificate request url url-string RequiredNo URL is configured by default.Configure the polling interval andattempt limit for querying thecertificate request statuscertificate request polling{ count count | interval minutes }OptionalThe polling is executed for up to 5times at the interval of 20 minutesby default.Specify the LDAP serverldap-server ip ip-address [ portport-number ] [ versionversion-number ]OptionalNo LDP server is specified bydefault.Configure the fingerprint for rootcertificate verificationroot-certificate fingerprint { md5| sha1 } stringRequired when the certificaterequest mode is auto and optionalwhen the certificate request modeis manual. In the latter case, if youdo not configure this command, thefingerprint of the root certificatemust be verified manually.No fingerprint is configured bydefault.z Currently, up to two PKI domains can be created on a device.z The CA name is required only when you retrieve a CA certificate. It is not used when in localcertificate request.z Currently, the URL of the server for certificate request does not support domain name resolving.Submitting a PKI Certificate RequestWhen requesting a certificate, an entity introduces itself to the CA by providing its identity informationand public key, which will be the major components of the certificate. A certificate request can besubmitted to a CA in two ways: online and offline. In offline mode, a certificate request is submitted to aCA by an “out-of-band” means such as phone, disk, or e-mail.Online certificate request falls into two categories: manual mode and auto mode.Submitting a Certificate Request in Auto ModeIn auto mode, an entity automatically requests a certificate through the SCEP protocol when it has nolocal certificate or the present certificate is about to expire.Follow these steps to configure an entity to submit a certificate request in auto mode:To do… Use the command… RemarksEnter system view system-view —Enter PKI domain view pki domain domain-name —