No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



The fingerprint command configures the CA certificate fingerprint used in CA certificate authentication.

The undo fingerprint command deletes the CA certificate fingerprint used in CA certificate authentication.

By default, no CA certificate fingerprint is configured for CA certificate authentication.


fingerprint { md5 | sha1 | sha256 } fingerprint

undo fingerprint


Parameter Description Value

Sets the digital fingerprint algorithm to MD5.

sha1 Sets the digital fingerprint algorithm to SHA1. -


Sets the digital fingerprint algorithm to SHA256. -

Specifies the digital fingerprint value.

This value needs to be obtained from the CA server offline. For example, from a CA server running Windows Server 2008, you can obtain the digital fingerprint at http://host:port/certsrv/mscep_admin/, in which host indicates the server's IP address and port indicates the port number.

The digital fingerprint value is a hexadecimal string of case-insensitive characters.
  • An MD5 fingerprint consists of 32 characters (16 bytes).
  • An SHA1 fingerprint consists of 40 characters (20 bytes).
  • An SHA256 fingerprint consists of 64 characters (32 bytes).


PKI realm view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When obtaining a CA certificate, the device uses an algorithm to calculate the CA certificate fingerprint and compares the CA certificate fingerprint with the configured fingerprint. If the two values are the same, the device receives the CA certificate. When verifying a certificate, the device uses the public key of the CA certificate to authenticate the digital signature. If the digital signature can be decrypted, the certificate is verified.


You can configure an algorithm to calculate the CA certificate fingerprint. If you run the fingerprint command multiple times in the same PKI realm view, only the latest configuration takes effect.

The MD5 and SHA1 algorithms have a low security level. SHA256 is recommended.


# Configure the CA certificate fingerprint used in CA certificate authentication.

<Huawei> system-view
[Huawei] pki realm test
[Huawei-pki-realm-test] fingerprint sha256 e71add0744360e91186b828412d279e06dcc15a4ab4bb3d13842820396b526a0
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 204491

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next