Fat AP and Cloud AP V200R010C00 Command Reference

pki enroll-certificate


The pki enroll-certificate command configures manual certificate enrollment.


pki enroll-certificate realm realm-name [ pkcs10 [ filename filename ] ] [ password password ]


| Parameter | Description | Value |
|---|---|---|
| realm realm-name | Specifies the name of a PKI realm. | The PKI realm name must already exist. |
| pkcs10 | Uses the PKCS#10 format to display the local certificate request information. It can be used to request certificates in offline mode. | - |
| filename filename | Saves the certificate request information in a specified file. The certificate request information is saved in the file in PKCS#10 format and is sent to the CA in out-of-band mode. | The value is a string of 1 to 64. |
| password password | Indicates a challenge password, which is used to request certificates in online mode. When the CA server processes the certificate request using the challenge password, you must set a challenge password on the entity, and the challenge password must be the same as the password configured on the CA server. | The value is a string of case-sensitive characters without question marks (?) or spaces. It can be a plain-text string of 1 to 64 characters or a cipher-text string of 48 to 108 characters. |


To improve certificate security, it is recommended that a password consist of at least two of the following: lowercase letters, uppercase letters, numerals and special characters. In addition, the password must contain at least 6 characters.


Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Manual certificate enrollment can be performed in online or offline mode.

  • Online mode (in-band mode)

    In online mode, entities request certificates from CAs using the SCEP protocol and then store the obtained certificates in the flash memory of the devices.

  • Offline mode (out-of-band mode)

    The device generates a certificate request file. The administrator sends the file to the CA server by means such as disk or email.


Prerequisites

A PKI realm has been created using the pki realm (system view) command.


Precautions

  • If pkcs10 is specified, an entity applies to a CA for a certificate in offline mode. The entity saves the certificate request information in a file in PKCS#10 format and sends the file to the CA in out-of-band mode.

  • If pkcs10 is not specified, an entity applies to a CA for a certificate in online mode.

  • In online mode, a PKI entity obtains a CA certificate and imports it into memory, and then obtains a local certificate and imports it into memory.

  • After the enrollment self-signed command is used in the PKI realm, the pki enroll-certificate command cannot be used to configure manual certificate enrollment.
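The following Python is an added example, not part of the Huawei documentation. PKCS#10 allows a request to carry a challengePassword attribute (OID 1.2.840.113549.1.9.7), so a request file that is sent by disk or email is worth inspecting first; the code walks the DER structure of a PEM or DER request and reports whether that attribute is present. Whether this device writes the password into the file is not stated here, and `sample_request` builds a constructed, unsigned skeleton rather than real device output.

```python
import base64
CHALLENGE_PASSWORD_OID = "1.2.840.113549.1.9.7"  # PKCS#9 challengePassword

def load_request(blob):  # accept a PEM or raw DER PKCS#10 request
    if blob.lstrip().startswith(b"-----BEGIN"):
        body = b"".join(l for l in blob.splitlines() if not l.startswith(b"-----"))
        blob = base64.b64decode(body)
    return blob

def _tlv(data, pos):  # read one DER element -> (tag, value_start, value_end)
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def _oid(raw):  # decode OBJECT IDENTIFIER contents to dotted form
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends the current arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def find_oids(data, start=0, end=None):
    """Walk the DER tree and return every OBJECT IDENTIFIER it contains."""
    end, found = (len(data) if end is None else end), []
    while start < end:
        tag, vstart, vend = _tlv(data, start)
        if tag == 0x06:
            found.append(_oid(data[vstart:vend]))
        elif tag & 0x20:  # constructed type (SEQUENCE, SET, [0]): descend
            found += find_oids(data, vstart, vend)
        start = vend
    return found

def has_challenge_password(blob):
    return CHALLENGE_PASSWORD_OID in find_oids(load_request(blob))

def _der(tag, *parts):  # short-form DER encoder, enough for the sample below
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def sample_request(password=None):  # constructed, unsigned PKCS#10 skeleton
    name = _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03"), _der(0x0C, b"ap1"))))
    attr = b"" if password is None else _der(
        0x30, _der(0x06, bytes.fromhex("2a864886f70d010907")), _der(0x31, _der(0x0C, password.encode())))
    info = _der(0x30, _der(0x02, b"\x00"), name, _der(0x30), _der(0xA0, attr))
    return _der(0x30, info, _der(0x30), _der(0x03, b"\x00"))
```

The check reports only the presence of the attribute and never prints its value, so it can be run in a change-review step without exposing the password in logs.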


# Enroll a certificate for the PKI realm abc.

<Huawei> system-view
[Huawei] pki realm abc
[Huawei-pki-realm-abc] quit
[Huawei] pki enroll-certificate realm abc
Updated: 2019-11-21

Document ID: EDOC1100064352
