No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
pki generate built-in-ca certificate

pki generate built-in-ca certificate


The pki generate built-in-ca certificate command generates an SSL decryption certificate.


pki generate built-in-ca certificate rsa-key-pair rsa-key-pair-name entity entity-name


Parameter Description Value
rsa-key-pair rsa-key-pair-name Specifies the name of the RSA key pair in an SSL decryption certificate. The RSA key pair must exist in the memory.
entity entity-name Specifies the PKI entity name. The PKI entity must have been configured and have a common name. If the PKI entity does not have a common name, an SSL decryption certificate cannot be generated.


System view:

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To enable a proxy for SSL connection, the device complies with the certificate information on the real server and issues another certificate to the client using the SSL decryption certificate.

The generated SSL decryption certificate files are saved to the flash:/ directory.


  1. An RSA key pair of the SSL decryption certificate has been created using the pki rsa built-in-ca command or the RSA key pair has been imported to the memory of the device using the pki import built-in-ca rsa-key-pair command.
  2. A PKI entity has been created using the pki entity command.
  3. The common name of the PKI entity has been configured using the common-name command.


# Generate an SSL decryption certificate.

<Huawei> system-view
[Huawei] pki rsa built-in-ca rsakey create
 Info: The name of the new key-pair will be: rsakey
 The size of the public key ranges from 2048 to 4096.
 Input the bits in the modules:2048
 Generating key-pairs...
[Huawei] pki entity entity1
[Huawei-pki-entity-entity1] common-name huawei
[Huawei-pki-entity-entity1] quit
[Huawei] pki generate built-in-ca certificate rsa-key-pair rsakey entity entity1
 Please enter the file name for built in CA certificate <length 1-64> : key1
Info: Generate built in CA certificate successfully.
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 212775

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next