No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
pki create-certificate

pki create-certificate


The pki create-certificate command creates a self-signed certificate or local certificate.


pki create-certificate [ self-signed ] filename file-name






Creates a self-signed certificate. If this parameter is not specified, a local certificate is created.

  • A self-signed certificate is issued by a PKI device itself. In a self-signed certificate, the certificate issuer and subject are the same.

  • A local certificate is issued by a PKI entity itself based on the certificate issued by CA. The issuer in a local certificate is CA.


filename file-name

Specifies the name of a certificate file.

The value is a string of 1 to 64 case-sensitive characters without spaces or question marks.


System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After a self-signed certificate or local certificate is generated by the device, the certificate file is saved in the storage device as a PEM file. You can export the certificate for other devices to use. This simplifies certificate issue process.

When you run the pki create-certificate command, the system asks you to enter certificate information, for example, PKI entity parameters, certificate file name, the validity time of certificate and RSA key length.


The device does not provide lifecycle management for self-signed certificates. For example, self-signed certificates cannot be updated or revoked on the device. To ensure security of the device and certificates, a local certificate is recommended.


# Create a self-signed certificate huawei.

<Huawei> system-view
[Huawei] pki create-certificate self-signed filename huawei
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 207500

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next