Cisco Acano X-series
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
35
Appendix C MMP PKI commands
Table 7: List of MMP pki commands
Command/ Examples
Description/Notes
pki
Displays current PKI usage.
pki list
Lists PKI files i.e. private keys, certificates and certificate signing
requests (CSRs).
requests (CSRs).
pki inspect <filename>
Inspect a file and shows whether the file is a private key, a
certificate, a CSR or unknown. In the case of certificates, various
details are displayed. If the file contains a bundle of certificates,
information about each element of the bundle is displayed.
certificate, a CSR or unknown. In the case of certificates, various
details are displayed. If the file contains a bundle of certificates,
information about each element of the bundle is displayed.
Both PEM and DER format files are handled.
pki match <key> <certificate>
This command checks whether the specified key and a certificate
on the system match. A private key and a certificate are two
halves of one usable identity and must match if they are to be
used for a service e.g. XMPP.
on the system match. A private key and a certificate are two
halves of one usable identity and must match if they are to be
used for a service e.g. XMPP.
pki verify <cert> <cert
bundle/CA cert>
bundle/CA cert>
pki verify server.crt
bundle.crt
This command checks whether the specified certificate is signed
by the root CA using the certificate bundle to determine the chain
of trust.
by the root CA using the certificate bundle to determine the chain
of trust.
pki unlock <key>
Private keys are often provided with password-protection. To be
used in the Meeting Server, the key must be unlocked.
used in the Meeting Server, the key must be unlocked.
This command prompts for a password to unlock the target file.
The locked name will be replaced by an unlocked key with the
same name.
The locked name will be replaced by an unlocked key with the
same name.
pki csr <key/cert basename>
[<attribute>:<value>]
[<attribute>:<value>]
pki csr example
CN:www.example.com OU:"My Desk"
O:"My Office" L:"Round the
corner" ST:California C:US
subjectAltName:example.com,
example@example.com
For users happy to trust that Cisco meets the requirements for
the generation of private key material, the pki csr command can
be used to create private keys and associated Certificate Signing
Requests.
the generation of private key material, the pki csr command can
be used to create private keys and associated Certificate Signing
Requests.
<key/cert basename> is a string identifying the new key and CSR
(e.g. "new" results in "new.key" and "new.csr" files)
(e.g. "new" results in "new.key" and "new.csr" files)
Attributes for the CSR are specified in pairs with the attribute
name and value separated by a colon (":"). Use “” around
attributes that are more than one word, e.g.
name and value separated by a colon (":"). Use “” around
attributes that are more than one word, e.g.
O:“Example Inc.”
continued over the page
Appendix C MMP PKI commands