No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
pki enroll-certificate

pki enroll-certificate

Function

The pki enroll-certificate command configures manual certificate enrollment.

Format

pki enroll-certificate realm realm-name [ pkcs10 [ filename filename ] ] [ password password ]

Parameters

Parameter Description Value
realm realm-name

Specifies the name of a PKI realm.

The PKI realm name must already exist.

pkcs10

Uses the PKCS#10 format to display the local certificate request information.

It can be used to request certificates in offline mode.
-
filename filename

Saves the certificate request information in a specified file. The certificate request information is saved in the file in PKCS#10 format and is sent to the CA in outband mode.

The value is a string of 1 to 64.

password password Indicates a challenge password, which is used to request certificates in online mode. When the CA server processes the certificate request using the challenge password, you must set a challenge password on the entity, and the challenge password must be the same as the password configured on the CA server.

The value is a string of case-sensitive characters without question marks (?) or spaces. It can be a plain-text string of 1 to 64 characters or a cipher-text string of 48 to 108 characters.

NOTE:

To improve certificate security, it is recommended that a password consist of at least two of the following: lowercase letters, uppercase letters, numerals and special characters. In addition, the password must contain at least 6 characters.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Manual certificate application is online or offline.

  • Online mode (in-band mode)

    In online requests, entities request certificates from CAs using the SCEP protocol. Then the entities store the obtained certificates on the flash of devices.

  • Offline mode (out-of-band mode)

    The device generates a certificate request file. The administrator sends the file to the CA server using methods such as disks and emails.

Prerequisites

A PKI realm has been created using the pki realm (system view) command.

Precautions

  • If pkcs10 is specified, an entity applies to a CA for a certificate in offline mode. The entity saves the certificate request information in a file in PKCS#10 format and sends the file to the CA in outband mode.

  • If pkcs10 is not specified, an entity applies to a CA for a certificate in online mode.

  • In online mode, a PKI entity obtains a CA certificate and imports it to memory, and then obtains a local certificate and imports it to memory.

  • After the enrollment self-signed command is used in the PKI realm, it is not allowed to use the pki enroll-certificate command to configure manual certificate enrollment.

Example

# Enroll a certificate for the PKI realm abc.

<Huawei> system-view
[Huawei] pki realm abc
[Huawei-pki-realm-abc] quit
[Huawei] pki enroll-certificate realm abc
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 204688

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next