No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
pki rsa built-in-ca

pki rsa built-in-ca

Function

The pki rsa built-in-ca command creates, overwrites, or destroys the RSA key pair in an SSL decryption certificate.

Format

pki rsa built-in-ca key-name { create [ exportable ] | destroy }

Parameters

Parameter Description Value
key-name Specifies the name of the RSA key pair in an SSL decryption certificate. The value is a string of 1 to 64 case-sensitive characters without question marks and spaces. If the character string is quoted by double quotation marks, it can contain spaces and question marks.
create Specifies the created RSA key pair of the SSL decryption certificate. -
exportable Specifies the created RSA key pair as exportable. -
destroy Specifies the destroyed RSA key pair of the SSL decryption certificate. -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When the device uses the SSL decryption certificate to perform the proxy function for the SSL connection, the certificate must contain a public key. Run this command to create the RSA key pair of the SSL decryption certificate.

If the RSA key pair is referenced by the certificate and has been imported to the memory, you cannot overwrite or destroy the pair directly. To overwrite or destroy the RSA key pair, you can run the pki delete-certificate built-in-ca command to delete the SSL decryption certificate from the memory first.

When creating or overwriting the RSA key pair, you must enter the number of bits of the RSA key pair. The default value is 2048.

Precautions

The name of an RSA key pair cannot exceed 50 characters. Because when an RSA key pair is imported, if the certificate is imported at the same time, the PKI system adds _builtinca.cer after the name of the RSA key pair to generate a new certificate file name, and saves it to the storage component. If the name exceeds 50 characters, the total number of characters exceeds 64, and the certificate file cannot be saved to the storage component.

When creating the key pair, the system prompts the user to enter the number of bits of the RSA key pair. The longer the key pair, the harder it is to crack, and the more secure but slow the encryption algorithm. It is recommended that the number of bits of the RSA key pair exceed 2048; otherwise, it has security risks.

Example

# Create an RSA key pair rsakey.

<Huawei> system-view
[Huawei] pki rsa built-in-ca rsakey create
 Info: The name of the new key-pair will be: rsakey
 The size of the public key ranges from 2048 to 4096.
 Input the bits in the modules:2048
 Generating key-pairs...
........++++++
........++++++
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 203445

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next