Submitting A Certificate Request In Manual Mode - H3C S5120-SI Series Configuration Manual

Follow these steps to configure an entity to submit a certificate request in auto mode:
To do...
Enter system view
Enter PKI domain view
Set the certificate request
mode to auto
If a certificate is to expire or has expired, the entity does not initiate a re-request automatically, and the
service using the certificate may be interrupted. To have a new local certificate, it is recommended to
request one manually.

Submitting a Certificate Request in Manual Mode

In manual mode, you need to retrieve a CA certificate, generate a local RSA key pair, and submit a local
certificate request for an entity.
The goal of retrieving a CA certificate is to verify the authenticity and validity of a local certificate.
Generating an RSA key pair is an important step in certificate request. The key pair includes a public
key and a private key. The private key is kept by the user, while the public key is transferred to the CA
along with some other information. For detailed information about RSA key pair configuration, refer to
Public Key Configuration.
Follow these steps to submit a certificate request in manual mode:
To do...
Enter system view
Enter PKI domain view
Set the certificate request
mode to manual
Return to system view
Retrieve a CA certificate
manually
Generate a local RSA key pair
Submit a local certificate
request manually
Use the command...
system-view
pki domain domain-name
certificate request mode auto
[ key-length key-length |
password { cipher | simple }
password ] *
Use the command...
system-view
pki domain domain-name
certificate request mode
manual
quit
Refer to Retrieving a Certificate
Manually
public-key local create rsa
pki request-certificate
domain domain-name
[ password ] [ pkcs10
[ filename filename ] ]
1-8
Remarks
—
—
Required
Manual by default
Remarks
—
—
Optional
Manual by default
—
Required
Required
No local RSA key pair exists by
default.
Required