Root-Certificate Fingerprint - H3C MSR Series Command Reference Manual

The length key-length option takes effect only if you specify a nonexistent key pair. The device will
automatically create the key pair by using the specified name and length before submitting a
certificate request. The length key-length option is ignored if the specified key pair already exists or
is already contained in an imported certificate.
Examples
# Specify 2048-bit general purpose RSA key pair abc for certificate request.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] public-key rsa general name abc length 2048
# Specify the following 2048-bit RSA key pairs for certificate request:
•
RSA encryption key pair rsa1.
•
RSA signing key pair sig1.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] public-key rsa encryption name rsa1 length 2048
[Sysname-pki-domain-aaa] public-key rsa signature name sig1 length 2048
Related commands
pki import
public-key local create

root-certificate fingerprint

Use root-certificate fingerprint to set the fingerprint for verifying the root CA certificate.
Use undo root-certificate fingerprint to restore the default.
Syntax
In non-FIPS mode:
root-certificate fingerprint { md5 | sha1 } string
undo root-certificate fingerprint
In FIPS mode:
root-certificate fingerprint sha1 string
undo root-certificate fingerprint
Default
No fingerprint is set for verifying the root CA certificate.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
md5: Sets an MD5 fingerprint.
sha1: Sets an SHA1 fingerprint.
string: Sets the fingerprint in hexadecimal notation. If you specify the MD5 keyword, the fingerprint is
a string of 32 characters. If you specify the SHA1 keyword, the fingerprint is a string of 40 characters.
502