`show crypto pki certificate`

Syntax

show crypto pki certificate [[plaintext | pem]]

Description

Shows a list of all configured leaf certificates, or detailed information for a specific leaf certificate.

Possible values for Cert Status are:CSR pending,expired,expires soon,installed,malformed,not yet known.

Possible values for EST Status are:注册失败,enroll pending,enroll retrying,enroll success,N/A(certificate is not EST-enrolled),reenroll失败,reenroll pending,reenroll retrying.

Command context

Manager (#)

Parameters

: Specifies the leaf certificate name. Range: 1 to 32 alphanumeric characters excluding ".
plaintext: Shows certificate information in plain text.
pem: Shows certificate information in PEM format.

Authority

Administrators or local user group members with execution rights for this command.

Examples

Showing a list of all configured leaf certificates:

switch#show crypto pki certificateCertificate Name Cert Status EST Status Associated Applications ----------------------- -------------- ----------------- ------------------------------ local-cert installed n/a radsec-client, captive-portal device-identity installed n/a none pod01-99-1 installed n/a https-server, est-client syslog-1 CSR pending enroll retrying syslog-client leaf-cert1 installed enroll success none leaf-cert2 CSR pending enroll failed none

Showing detailed information (in plaintext format) for leaf certificatepod01 - 99 - 1:

switch#show crypto pki certificate pod01-99-1 plaintextCertificate Name:pod01 - 99 - 1Associated Applications: https-server, est-client Certificate Status: installed EST Status: n/a Certificate Type: regular Intermediates: Subject: C = US, ST = CA, O = Company, OU = Lab-IT, CN = DeviceCA Issuer: C = US, ST = CA, O = Company, OU = Lab-IT, CN = Lab-CA Serial Number: 0x02 Subject: C = US, ST = CA, O = Company, OU = Lab-IT, CN = Lab-CA Issuer: C = US, ST = CA, O = Company, OU = Lab-IT, CN = Lab-Root Serial Number: 0x01 Certificate: Data: Version: 1 (0x0) Serial Number: 14529416756121781768 (0xc9a2db8f3e3f4608) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=CA, OU=Lab-IT, O=Company, CN=DeviceCA Validity Not Before: Jan 12 23:36:57 2018 GMT Not After : Nov 1 23:36:57 2020 GMT Subject: C=US, ST=CA, OU=Lab-IT, O=Company, CN=pod01 - 99 - 1Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a0:cd:ef:1b:f9:b8:bd:39:fc:7a:0e:00:17:ff: 2b:72:d8:4e:d4:df:49:36:ca:3a:f9:05:05:d7:e3: d1:97:29:71:e6:33:b8:bb:8e:f0:ee:a6:e4:4a:f8: ... fe:dd:d9:a0:af:59:47:25:b4:34:06:af:03:1d:33: 30:c3:85:fe:5c:e7:19:7f:ff:3a:b2:21:b8:e8:ed: 83:09 Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption 39:f6:03:86:03:d9:05:61:39:25:5f:0d:75:cc:05:ae:04:7e: 4c:a3:13:0b:f0:1e:af:68:0e:40:9f:ed:48:b6:5e:56:8c:53: 46:5b:c9:a4:e0:b0:bc:31:4b:a7:5d:0a:ed:7c:9c:f6:bf:1e: ... 39:f5:26:58:68:e2:13:ec:94:ac:60:8e:4b:b0:ba:45:cf:d6: 6a:4b:9f:7d:ae:3f:e5:2e:81:fe:ac:b3:65:44:35:47:a5:2f: 89:e7:58:a0

Showing detailed information (in PEM format) for leaf certificateleaf-cert1with a status ofCSR pending:

switch#show crypto pki certificate leaf-cert1 pemCertificate Name: leaf-cert1 Associated Applications: syslog-client Certificate Status: CSR pending EST Status: enroll retrying Certificate Type: regular -----BEGIN CERTIFICATE REQUEST----- MIICtTCCAZ0CAQAwcDEWMBQGA1UEAxMNc3lzbG9nLTg0MBYGA1UECxMPQ XJ1YmEtUm9zZXZpbGxlMQ4wDAYDVQQKEYTESMBAGA1EBxMJUm9zZXZpbG xlMQswCQYDVQQIEwJDQTELMAGA1UEBhMCVVMwggEiMSIb3DQEBAQUAA4I ... cw2ytN6Idgh81k59x6DH7V/eORaKd5lq+oO7nkr6+QBf5L3f5Kb+TOFio lei+EdCHMxxc07MK0n3dkziSW25HFUGsyEXVMK+BID3zbKDoUe6XVhvqI mamXyghigLYDcbsn6WVw== -----END CERTIFICATE REQUEST-----