No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Certificate Application

Certificate Application

A certificate that is issued and managed by Huawei PKI is already installed on the device when it is delivered. To improve the device security, replacing this certificate with your own certificate and key pair is recommended.

The CA generates an entity certificate by calculating the signature based on the entity information (describing device features). Therefore, when requesting a certificate from a CA, the device must provide the CA with entity information.

Figure 17-3 shows the procedure for applying for a certificate. To prevent entity information from being altered during transmission, the device first calculates a signature based on its own private key and entity information (including the public key), and further uses the entity information together with the signature to generate a certificate request to the CA.

After receiving the certificate application request of the device, the CA uses the public key contained in the entity information to authenticate the signature, and generates a certificate for the device only if the signature passes the authentication.

Figure 17-3 Schematic diagram for certificate application
The device supports the following certificate application sending modes:
  • Outband certificate application sending mode: A request file is stored in a floppy disk, CD-ROM, or mail and sent to the CA administrator. You can apply for a new certificate only using the outband certificate application sending mode.
  • CMP certificate application sending mode: The certificate is applied for, managed, and maintained using CMPv2. You can update a certificate only using the CMP certificate application sending mode.
Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 12623

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next