【相关命令】
·attribute
·pki certificate attribute-group
1.1.14 display pki certificate domaindisplay pki certificate domain命令用来显示证书的内容。
【命令】
display pki certificate domain domain-name{ ca | local | peer [ serial serial-num ]}
【视图】
任意视图
【缺省用户角色】
network-admin
network-operator
mdc-admin
mdc-operator
【参数】
domain-name:显示指定证书所在的PKI域的名称,为1~31个字符的字符串,不区分大小写,不能包括“~”、“*”、“\\”、“|”、“:”、“.”、“ ”、“ ”、“ ”和“\'”。
ca:显示CA证书。
local:显示本地证书。
peer:显示对端证书。
serial serial-num:指定要显示的对端证书的序列号。
【使用指导】
·显示CA证书时,会显示此PKI域中所有CA证书、RA证书的详细信息。
·显示本地证书时,会显示此PKI域中所有本地证书的详细信息。
·显示对端证书时,如果不指定序列号,将显示所有对端证书的简要信息;如果指定序列号,将显示该序号对应的指定对端证书的详细信息。
【举例】
#显示PKI域aaa中的CA证书。
Sysname display pki certificate domain aaa ca
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
5c:72:dc:c4:a5:43:cd:f9:32:b9:c1:90:8f:dd:50:f6
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=cn, O=docm, OU=rnd, CN=rootca
Validity
Not Before: Jan 6 02:51:41 2011 GMT
Not After : Dec 7 03:12:05 2013 GMT
Subject: C=cn, O=ccc, OU=ppp, CN=rootca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c4:fd:97:2c:51:36:df:4c:ea:e8:c8:70:66:f0:
28:98:ec:5a:ee:d7:35:af:86:c4:49:76:6e:dd:40:
4a:9e:8d:c0:cb:d9:10:9b:61:eb:0c:e0:22:ce:f6:
57:7c:bb:bb:1b:1d:b6:81:ad:90:77:3d:25:21:e6:
7e:11:0a:d8:1d:3c:8e:a4:17:1e:8c:38:da:97:f6:
6d:be:09:e3:5f:21:c5:a0:6f:27:4b:e3:fb:9f:cd:
c1:91:18:ff:16:ee:d8:cf:8c:e3:4c:a3:1b:08:5d:
84:7e:11:32:5f:1a:f8:35:25:c0:7e:10:bd:aa:0f:
52:db:7b:cd:5d:2b:66:5a:fb
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
6d:b1:4e:d7:ef:bb:1d:67:53:67:d0:8f:7c:96:1d:2a:03:98:
3b:48:41:08:a4:8f:a9:c1:98:e3:ac:7d:05:54:7c:34:d5:ee:
09:5a:11:e3:c8:7a:ab:3b:27:d7:62:a7:bb:bc:7e:12:5e:9e:
4c:1c:4a:9f:d7:89:ca:20:46:de:c5:b3:ce:36:ca:5e:6e:dc:
e7:c6:fe:3f:c5:38:dd:d5:a3:36:ad:f4:3d:e6:32:7f:48:df:
07:f0:a2:32:89:86:72:22:cd:ed:e5:0f:95:df:9c:75:71:e7:
fe:34:c5:a0:64:1c:f0:5c:e4:8f:d3:00:bd:fa:90:b6:64:d8:
88:a6
#显示PKI域aaa中的本地证书。
Sysname display pki certificate domain aaa local
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
bc:05:70:1f:0e:da:0d:10:16:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, O=sec, OU=software, CN=ipsec
Validity
Not Before: Jan 7 20:05:44 2011 GMT
Not After : Jan 7 20:05:44 2012 GMT
Subject: O=OpenCA Labs, OU=Users, CN=fips fips-sec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:b2:38:ad:8c:7d:78:38:37:88:ce:cc:97:17:39:
52:e1:99:b3:de:73:8b:ad:a8:04:f9:a1:f9:0d:67:
d8:95:e2:26:a4:0b:c2:8c:63:32:5d:38:3e:fd:b7:
4a:83:69:0e:3e:24:e4:ab:91:6c:56:51:88:93:9e:
12:a4:30:ad:ae:72:57:a7:ba:fb:bc:ac:20:8a:21:
46:ea:e8:93:55:f3:41:49:e9:9d:cc:ec:76:13:fd:
a5:8d:cb:5b:45:08:b7:d1:c5:b5:58:89:47:ce:12:
bd:5c:ce:b6:17:2f:e0:fc:c0:3e:b7:c4:99:31:5b:
8a:f0:ea:02:fd:2d:44:7a:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin
Netscape Comment:
User Certificate of OpenCA Labs
X509v3 Subject Key Identifier:
91:95:51:DD:BF:4F:55:FA:E4:C4:D0:10:C2:A1:C2:99:AF:A5:CB:30
X509v3 Authority Key Identifier:
keyid:DF:D2:C9:1A:06:1F:BC:61:54:39:FE:12:C4:22:64:EB:57:3B:11:9F
X509v3 Subject Alternative Name:
email:fips@ccc.com
X509v3 Issuer Alternative Name:
email:pki@openca.org
Authority Information Access:
CA Issuers - URI:http://titan/pki/pub/cacert/cacert.crt
OCSP - URI:http://titan:2560/
1.3.6.1.5.5.7.48.12 - URI:http://titan:830/
X509v3 CRL Distribution Points:
Full Name:
URI:http://titan/pki/pub/crl/cacrl.crl
Signature Algorithm: sha256WithRSAEncryption
94:ef:56:70:48:66:be:8f:9d:bb:77:0f:c9:f4:65:77:e3:bd:
ea:9a:b8:24:ae:a1:38:2d:f4:ab:e8:0e:93:c2:30:33:c8:ef:
f5:e9:eb:9d:37:04:6f:99:bd:b2:c0:e9:eb:b1:19:7e:e3:cb:
95:cd:6c:b8:47:e2:cf:18:8d:99:f4:11:74:b1:1b:86:92:98:
af:a2:34:f7:1b:15:ee:ea:91:ed:51:17:d0:76:ec:22:4c:56:
da:d6:d1:3c:f2:43:31:4f:1d:20:c8:c2:c3:4d:e5:92:29:ee:
43:c6:d7:72:92:e8:13:87:38:9a:9c:cd:54:38:b2:ad:ba:aa:
f9:a4:68:b5:2a:df:9a:31:2f:42:80:0c:0c:d9:6d:b3:ab:0f:
dd:a0:2c:c0:aa:16:81:aa:d9:33:ca:01:75:94:92:44:05:1a:
65:41:fa:1e:41:b5:8a:cc:2b:09:6e:67:70:c4:ed:b4:bc:28:
04:50:a6:33:65:6d:49:3c:fc:a8:93:88:53:94:4c:af:23:64:
cb:af:e3:02:d1:b6:59:5f:95:52:6d:00:00:a0:cb:75:cf:b4:
50:c5:50:00:65:f4:7d:69:cc:2d:68:a4:13:5c:ef:75:aa:8f:
3f:ca:fa:eb:4d:d5:5d:27:db:46:c7:f4:7d:3a:b2:fb:a7:c9:
de:18:9d:c1
# 显示PKI域aaa中的所有对端证书的简要信息。
Sysname display pki certificate domain aaa peer
Total peer certificates: 1
Serial Number: 9a0337eb2156ba1f5476e4d754a5a9f7
Subject Name: CN=sldsslserver
#显示PKI域aaa中的一个特定序号的对端证书的详细信息。
Sysname display pki certificate domain aaa peer serial 9a0337eb2156ba1f5476e4d754a5a9f7
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9a:03:37:eb:21:56:ba:1f:54:76:e4:d7:54:a5:a9:f7
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=cn, O=ccc, OU=sec, CN=ssl
Validity
Not Before: Oct 15 01:23:06 2010 GMT
Not After : Jul 26 06:30:54 2012 GMT
Subject: CN=sldsslserver
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c2:cf:37:76:93:29:5e:cd:0e:77:48:3a:4d:0f:
a6:28:a4:60:f8:31:56:28:7f:81:e3:17:47:78:98:
68:03:5b:72:f4:57:d3:bf:c5:30:32:0d:58:72:67:
04:06:61:08:3b:e9:ac:53:b9:e7:69:68:1a:23:f2:
97:4c:26:14:c2:b5:d9:34:8b:ee:c1:ef:af:1a:f4:
39:da:c5:ae:ab:56:95:b5:be:0e:c3:46:35:c1:52:
29:9c:b7:46:f2:27:80:2d:a4:65:9a:81:78:53:d4:
ca:d3:f5:f3:92:54:85:b3:ab:55:a5:03:96:2b:19:
8b:a3:4d:b2:17:08:8d:dd:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:9A:83:29:13:29:D9:62:83:CB:41:D4:75:2E:52:A1:66:38:3C:90:11
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
Netscape Cert Type:
SSL Server
X509v3 Subject Alternative Name:
DNS:docm.com
X509v3 Subject Key Identifier:
3C:76:95:9B:DD:C2:7F:5F:98:83:B7:C7:A0:F8:99:1E:4B:D7:2F:26
X509v3 CRL Distribution Points:
Full Name:
URI:http://s03130.ccc.sec.com:447/ssl.crl
Signature Algorithm: sha1WithRSAEncryption
61:2d:79:c7:49:16:e3:be:25:bb:8b:70:37:31:32:e5:d3:e3:
31:2c:2d:c1:f9:bf:50:ad:35:4b:c1:90:8c:65:79:b6:5f:59:
36:24:c7:14:63:44:17:1e:e4:cf:10:69:fc:93:e9:70:53:3c:
85:aa:40:7e:b5:47:75:0f:f0:b2:da:b4:a5:50:dd:06:4a:d5:
17:a5:ca:20:19:2c:e9:78:02:bd:19:77:da:07:1a:42:df:72:
ad:07:7d:e5:16:d6:75:eb:6e:06:58:ee:76:31:63:db:96:a2:
ad:83:b6:bb:ba:4b:79:59:9d:59:6c:77:59:5b:d9:07:33:a8:
f0:a5
表1-4 display pki certificate命令显示信息描述表
本文链接: http://cccgroup.immuno-online.com/view-680799.html