Command Reference Guide
3Com Router 5000 Family and Router 6000 Family debugging pki ● 51
Command Reference
debugging pki
Purpose Use the debugging pki command to enable PKI debugging functions.
Use the undo debugging pki command to disable PKI debugging functions.
Syntax debugging pki { all | request | retrieval | verify | error }
undo debugging pki { all | request | retrieval | verify | error }
Parameters all
Debugging in all the processes;
request
Debugging in certificate request;
retrieval
Debugging in certificate retrieval;
verify
Debugging in certification validation;
error
Debugging in error cases
Default By default, all PKI debugging functions are disabled.
Example Enable the debugging function related to errors in PKI certificate operation
[RouterCA] debugging pki error
[RouterCA] pki delete-certificate ca domain 1
[RouterCA] pki request-certificate domain 1
Certificate enroll failed!
Cannot get the CA/RA certificate when creating the x509 Request
Enable the debugging function for PKI certificate retrieval
[RouterCA] debugging pki retrieval
[RouterCA] pki retrieval certificate local domain 1
Retrievaling CA/RA certificates. Please wait a while......
We receive 3 certificates.
The trusted CA’s finger print is:
MD5 fingerprint: 74C9 B71D 406B DDB3 F74A 96BC E05B 40E9
SHA1 fingerprint: 770E 2937 4E32 ACD4 4ACC 7CF1 0FF0 6FB8 6C34 E24A
Is the finger print correct?(Y/N): y
Saving the CA/RA certificate to flash.....................Done!
Enable the debugging function for PKI certificate request
[RouterCA] debugging pki request
[RouterCA] pki request certificate 1
Create PKCS#10 request: token seen: CN=pki test
Create PKCS#10 request: CN=pki test added
Create PKCS#10 request: subject dn set to ’/CN=pki test’
Certificate Request:
…..
dir_name: certsrv/mscep/mscep.dll