Submitting a certificate request in manual mode – H3C Technologies H3C S5120 Series Switches User Manual


Follow these steps to configure an entity to submit a certificate request in auto mode:

To do…                                    Use the command…                                                                                  Remarks
Enter system view                         system-view
Enter PKI domain view                     pki domain domain-name
Set the certificate request mode to auto  certificate request mode auto [ key-length key-length | password { cipher | simple } password ] *  Required. Manual by default.

If a certificate is about to expire or has expired, the entity does not initiate a re-request automatically, and the service using the certificate may be interrupted. To obtain a new local certificate, it is recommended to request one manually.
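
Because the entity does not re-request an expiring certificate by itself, expiry has to be tracked outside the switch. The following is an added example, not taken from the H3C manual: it reads saved certificate text dumps and flags the devices that need a manual re-request. The OpenSSL-style "Not After :" layout, the device names, the dates and the 30-day window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample dumps (hostnames and dates are made up). The OpenSSL-style
# "Not After :" layout is an assumption about how the certificate text was saved.
SAMPLE_DUMPS = {
    "sw-access-01": "Validity\n    Not Before: Jan 13 08:57:21 2023 GMT\n"
                    "    Not After : Jan 13 08:57:21 2024 GMT\n",
    "sw-access-02": "Validity\n    Not Before: Jun 20 00:00:00 2023 GMT\n"
                    "    Not After : Jun 20 00:00:00 2024 GMT\n",
    "sw-core-01": "Validity\n    Not Before: Mar  3 12:00:00 2024 GMT\n"
                  "    Not After : Mar  3 12:00:00 2026 GMT\n",
    "sw-lab-01": "No local certificate in this dump\n",
}
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"

NOT_AFTER = re.compile(
    r"Not After\s*:\s*([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) GMT")


def not_after(dump):
    """Return the certificate's expiry as an aware UTC datetime, or None."""
    match = NOT_AFTER.search(dump)
    if match is None:
        return None
    stamp = " ".join(match.group(1).split())  # "Mar  3" -> "Mar 3"
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def classify(dump, now, window=timedelta(days=30)):
    """EXPIRED / RENEW (inside the window) / OK / UNKNOWN (no expiry found)."""
    expiry = not_after(dump)
    if expiry is None:
        return "UNKNOWN"  # fail closed: an unreadable dump needs a human look
    if expiry <= now:
        return "EXPIRED"
    return "RENEW" if expiry - now <= window else "OK"


def report(dumps, now, window=timedelta(days=30)):
    """Map each device name to its status; anything not OK needs attention."""
    return {name: classify(text, now, window) for name, text in sorted(dumps.items())}


if __name__ == "__main__":
    for device, status in report(SAMPLE_DUMPS, SAMPLE_NOW).items():
        print(f"{device:14} {status}")
```

Devices reported as EXPIRED or RENEW are the ones to re-request manually; UNKNOWN means the dump held no readable expiry date and should be checked by hand.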

Submitting a Certificate Request in Manual Mode

In manual mode, you need to retrieve a CA certificate, generate a local RSA key pair, and submit a local certificate request for an entity.

The goal of retrieving a CA certificate is to verify the authenticity and validity of a local certificate.

Generating an RSA key pair is an important step in a certificate request. The key pair includes a public key and a private key. The private key is kept by the user, while the public key is transferred to the CA along with some other information. For detailed information about RSA key pair configuration, refer to Public Key Configuration.

Follow these steps to submit a certificate request in manual mode:

To do…                                       Use the command…                                                                          Remarks
Enter system view                            system-view
Enter PKI domain view                        pki domain domain-name
Set the certificate request mode to manual   certificate request mode manual                                                           Optional. Manual by default.
Return to system view                        quit
Retrieve a CA certificate manually           Refer to Retrieving a Certificate Manually                                                Required
Generate a local RSA key pair                public-key local create rsa                                                               Required. No local RSA key pair exists by default.
Submit a local certificate request manually  pki request-certificate domain domain-name [ password ] [ pkcs10 [ filename filename ] ]  Required
