No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



The key-usage command configures the purpose description for a certificate public key.

The undo key-usage command deletes the purpose description of a certificate public key.

By default, a certificate public key does not have a purpose description.


key-usage { ike | ssl-client | ssl-server } *

undo key-usage { ike | ssl-client | ssl-server } *






Specifies the usage of a key as ike. That is, the key is used to set up an IPSec tunnel.



Specifies the usage of a key as ssl-client. That is, the key is used by the SSL client to set up an SSL session.



Specifies the usage of a key as ssl-server. That is, the key is used by the SSL server to set up an SSL session.



PKI realm view

Default Level

2: Configuration level

Usage Guidelines

To improve certificate security, you can add the usage information of a key to the certificate request packet sent from the device to the CA server.

After receiving the certificate request packet, the CA server verifies the packet. For each valid packet, the CA server generates a digital certificate carrying the usage information of the key.

For example, when setting up an SSL session, the SSL client adds a digital signature and encrypts the key by using the certificate. After you specify the usage of a key as ssl-client by using the key-usage ssl-client command, the certificate generated by the CA server carries the usage information, including a digital signature and encrypted key. If you use this key to encrypt data, the key will be invalid.


# Specify the usage of a key as ssl-client.
<Huawei> system-view
[Huawei] pki realm abc
[Huawei-pki-realm-abc] key-usage ssl-client
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 194890

Downloads: 118

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next