No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Maintaining PKI

Maintaining PKI

Maintaining certificates involves deleting certificates and deleting RSA key pairs.

Deleting Certificates

When a certificate with a specific name expires, delete the certificate. When a key is disclosed, delete all related CA certificates, the related local certificate, and re-send a certificate application.

Context

Certificates cannot be restored after being deleted. Exercise caution when running the deletion command.

Procedure

  • Delete the CA certificate and local certificate with specific names.
    1. Run the system-view command to enter the system view.
    2. Run the pki delete-certificate { ca | local | crl | peer } filename file-name command to delete a CA certificate or local certificate with a specific name from the memory. It is not deleted from the CF card.

      NOTE:

      When the pki delete-certificate command is run to delete a CA certificate or local certificate with a specific name, the system first checks whether the CA certificate or local certificate is restored in the CF card. If it is not found in the CF card, the deletion fails. In this case, you can run the reset pki all-cert command to clear all certificates.

  • Run the reset pki all-cert command to delete all local certificates, CA certificates, CRLs from the memory. They are not deleted from the CF card.

Deleting RSA Key Pairs

When a user's key is disclosed, the corresponding key pair must be deleted, and a new key pair needs to be created.

Context

After you delete the RSA key pair used by a certificate, the certificate cannot be updated, and the RSA key pair cannot be restored. Exercise caution when deleting an RSA key pair.

Procedure

  • Run the rsa pki local-key-pair [ key-name ] destroy command to delete a local RSA pair.

Clearing CMP Session Statistics

To re-collect CMP session statistics within a specific period, clear existing CMP session statistics.

Context

NOTE:
CMP session statistics cannot be restored after they are cleared. Exercise caution when running the reset pki cmp statistics command. Before running the reset pki cmp statistics command, run the display pki cmp statistics session session-name command to check whether the CMP session statistics to be cleared are still required.

Procedure

  1. Run the reset pki cmp statistics session session-name command to clear CMP session statistics.
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 20383

Downloads: 39

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next