show certificate ca

Display the certificate authority details.

Syntax

Command Parameters

WORD<1–45>
Specifies the name of the Certificate Authority. If no name is specified, the command displays the details of all configured CAs.

Default

None

Command Mode

User EXEC

Command Output

The show certificate ca command displays the following information:

Output field

Description

Name

Specifies the user-defined name referring to the Certificate Authority issuing the Digital Certificate.

CommonName

Specifies the Common Name of the Certificate Authority issuing the Digital Certificate.

KeyName

Specifies the generated key pair that was first associated with the CA trustpoint.

SubjectName

Specifies the subject Distinguished Name (DN) or subject alternative name identity to bind with the CA trustpoint. The default is Global.

CaUrl

Specifies the URL of the Certificate Authority issuing the Digital Certificate.

UsePost

Specifies whether the HTTP request type is URL or POST, where TRUE indicates EJBCA and FALSE indicates Win2012 CA.

SubjectCertValidityDays

Specifies the number of days for which the subject certificate is valid.

Action

Specifies the various actions that a Certificate Authority can take.

  • noop - No operation

  • caauth - Certificate Authority authentication

  • enroll - Certificate Enrolment Request

  • renew - Certificate Renew Request

  • remove - Removes the subject certificate obtained online from the Certificate Authority

  • install - Installs the subject certificate obtained online from the Certificate Authority

  • generateCsr - Generates the Certificate Signing Request required to obtain the Offline Subject Certificate

LastActionStatus

Specifies the status of the last action.

  • none - No action is performed yet

  • success - Execution of the action triggered is completed successfully

  • failed - Execution of the action triggered has failed

  • inProgress - Execution of the action triggered is in progress

LastActionFailureReason

Specifies the reason for the failure of the last action performed by the Certificate Authority.

UsedFor

Specifies if the CA trustpoint is used by a specific application, such as SSH-X509. Default indicates the first configured CA trustpoint.

Default displays in this field if you have only one CA trustpoint configured.

Example

The following example displays the certificate CA information:

Switch:1(config)#show certificate ca 


CA table entry
Name                      :   a1
CommonName                :   CaA1
KeyName                   :   rsa_2048
SubjectName               :   
CaUrl                     :   http://192.51.100.9:8080/ejbca/publicweb/apply/scep/test/pkiclient.exe
UsePost                   :   1
SubjectCertValidityDays   :   365
Action                    :   (null)
LastActionStatus          :   (null)
LastActionFailureReason   :   
CA-Auth Sha256Fingerprint :   bd9bb74b3f4d75e86113222a8d291b6349c7a42c457e487b9be0a48b4f09cc7c
UsedFor                   :   


CA table entry
Name                      :   a2
CommonName                :   CaA2
KeyName                   :   pki_key
SubjectName               :   822
CaUrl                     :   http://192.51.100.9:8080/ejbca/publicweb/apply/scep/test/pkiclient.exe
UsePost                   :   1
SubjectCertValidityDays   :   365
Action                    :   (null)
LastActionStatus          :   (null)
LastActionFailureReason   :   
CA-Auth Sha256Fingerprint :   0ccb8d0c38d36cf427187f0e1dd380536c078fd6fae39ec9872187327912056b
UsedFor                   :   Default
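
The following is an added example, not part of the original command reference or the vendor's tooling. It parses captured show certificate ca output into one record per CA table entry, then compares each CA-Auth Sha256Fingerprint with a value obtained out of band and reports a LastActionStatus of failed. The capture, the trustpoint names, the fingerprints and the PINNED table are constructed assumptions.

```python
# Added example: parse `show certificate ca` output and check each trustpoint.
FP_A, FP_B = "ab" * 32, "cd" * 32   # constructed 64-hex-digit fingerprints

# Constructed capture in the layout of the page's example output.
SAMPLE = f"""Switch:1(config)#show certificate ca

CA table entry
Name                      :   lab1
CommonName                :   LabCa1
CaUrl                     :   http://ca.example.test:8080/scep
Action                    :   (null)
LastActionStatus          :   success
LastActionFailureReason   :
CA-Auth Sha256Fingerprint :   {FP_A}
UsedFor                   :   Default

CA table entry
Name                      :   lab2
CommonName                :   LabCa2
CaUrl                     :   http://ca.example.test:8080/scep
LastActionStatus          :   failed
LastActionFailureReason   :   constructed reason
CA-Auth Sha256Fingerprint :   {FP_B}
UsedFor                   :
"""

# Assumption: fingerprints obtained out of band from the CA operator, keyed by Name.
PINNED = {"lab1": FP_A, "lab2": FP_A}

def parse_ca_table(text):
    """Return one dict per 'CA table entry' block, keyed by output field name."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip() == "CA table entry":
            current = {}
            entries.append(current)
            continue
        key, sep, value = line.partition(":")   # first colon only, so URLs survive
        if sep and current is not None:          # skips the prompt line and blanks
            value = value.strip()
            current[key.strip()] = "" if value == "(null)" else value
    return entries

def audit(entries, pinned):
    """Return (trustpoint name, finding) pairs for entries that need attention."""
    findings = []
    for e in entries:
        name = e.get("Name", "?")
        fp = e.get("CA-Auth Sha256Fingerprint", "").lower()
        if not fp or fp != pinned.get(name, "").lower():
            findings.append((name, "fingerprint does not match pinned value"))
        if e.get("LastActionStatus") == "failed":
            findings.append((name, "last action failed: " + e.get("LastActionFailureReason", "")))
    return findings
```

Calling audit(parse_ca_table(SAMPLE), PINNED) returns two findings for lab2 and none for lab1.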