Navigation
Monitoring Digital Certificates
Purpose
You can issue various forms of the show security pki command to view digital certificates and certificate requests and certificate revocation lists:
Action
- To display the CA digital certificate, issue the show security pki ca-certificate ca-profile ca-profile-name command.
- To display the local digital certificate and the public key used to enroll the certificate, issue the show security pki local-certificate certificate-id certificate-id-name command.
- To display the local certificate request in PKCS-10 format, issue the show security pki certificate-request certificate-id certificate-id-name command.
- You can also view which digital certificates are used in IKE negotiations to establish IPSec tunnels by issuing the show services ipsec-vpn certificates command.
- To display the certificate revocation list, issue the show security pki crl ca-profile ca-profile-name command.
- To determine if a certificate is enabled for automatic-reenrollment, issue the show security pki command.
