No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
auto-enroll

auto-enroll

Function

The auto-enroll command enables automatic certificate enrollment and update.

The undo auto-enroll command disables automatic certificate enrollment and update.

By default, the automatic certificate enrollment and update are disabled.

Format

auto-enroll [ percent ] [ regenerate [ key-bit ] ] [ updated-effective ]

undo auto-enroll [ updated-effective ]

Parameters

Parameter

Description

Value

percent

Specifies the percentage of the certificate's validity period after which a new certificate is requested automatically.

The value is an integer that ranges from 10 to 100.

The default value is 100. When the old certificate expires, the system requests a new certificate.

regenerate

Indicates the RSA key pair will be generated during certificate updates.

-
key-bit Specifies the number of bits in the RSA key pair generated during certificate updates.

The value is an integer that ranges from 2048 to 4096. The default value is 2048.

updated-effective Indicates that the certificate takes effect immediately after being updated. By default, an updated certificate takes effect only after the old one expires. -

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Automatic certificate enrollment: When the certificates are unavailable, will expire, or have expired, an entity automatically requests a new certificate or renews the certificate using the Simple Certification Enrollment Protocol (SCEP).

By default, the automatic certificate enrollment and update function is disabled. When a certificate has expired, you must request a certificate for an entity manually. You can still request a certificate for an entity manually when the automatic certificate enrollment and update function is enabled.

Precautions
  • If you do not specify regenerate, the system uses the original RSA key pairs during automatic updates.
  • If you specify regenerate, the system generates new RSA key pairs during certificate updates for certificate requests and overwrites the original certificates and RSA key pairs with the new ones.

Example

# Enable automatic certificate enrollment and update for the PKI realm abc.

<Huawei> system-view
[Huawei] pki realm abc
[Huawei-pki-realm-abc] auto-enroll 50 regenerate
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 195295

Downloads: 118

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next