No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
pki rsa local-key-pair create

pki rsa local-key-pair create


The pki rsa local-key-pair create command creates the specified RSA key pair.


pki rsa local-key-pair create key-name [ modulus modulus-size ] [ exportable ]


Parameter Description Value
key-name Specifies the name of the RSA key pair to be created.

The value is a string of 1 to 64 case-sensitive characters without question marks and spaces. If the character string is quoted by double quotation marks, it can contain spaces and question marks.

modulus modulus-size Specifies the size of the RSK key pair.

The value is an integer that ranges from 2048 to 4096. The default value is 2048.

exportable Indicates that the new RSA key pair can be exported from the device. -


System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When a PKI entity requests a certificate from the CA, the certificate enrollment request that it sends contains information such as the public key. Run this command to create the RSA key pair for the certificate request.

Windows Server 2003 has a low processing performance. For the device to connect to a Windows Server 2003, the device cannot have too many entities configured or use a large-sized key pair.


When creating the key pair, the system prompts the user to enter the number of bits of the RSA key pair. The longer the key pair, the harder it is to crack, and the more secure but slow the encryption algorithm. It is recommended that the number of bits of the RSA key pair exceed 2048; otherwise, it has security risks.

The name of an RSA key pair cannot exceed 50 characters. Because when an RSA key pair is imported, if the certificate is imported at the same time, the PKI system adds _localx.cer after the name of the RSA key pair to generate a new certificate file name, and saves it to the storage component. If the name exceeds 50 characters, the total number of characters exceeds 64, and the certificate file cannot be saved to the storage component.

The RSA key pair referenced by PKI realms cannot be overwritten. They can be overwritten only after the reference relationship is removed.

If the name of the new RSA key pair is the same as that of a pair on the device, the system prompts the user to decide whether to overwrite the existing pair.


# Create 2048-bit RSA key pair test.

<Huawei> system-view
[Huawei] pki rsa local-key-pair create test
 Info: The name of the new key-pair will be: test                               
 The size of the public key ranges from 2048 to 4096.                                   
 Input the bits in the modules:2048                              
 Generating key-pairs...                                                             
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 207261

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next