Submitting A Certificate Request In Manual Mode - H3C S5500-EI series Operation Manual
Hide thumbs
Also See for S5500-EI series:
- Configuration manual (490 pages) ,
- Security configuration manual (448 pages) ,
- Operation manual (216 pages)
Table of Contents
Advertisement
Operation Manual – PKI
H3C S5500-EI Series Ethernet Switches
Set the certificate request
mode to auto
1.5.2 Submitting a Certificate Request in Manual Mode
In manual mode, you need to retrieve a CA certificate, generate a local RSA key pair,
and submit a local certificate request for an entity.
The goal of retrieving a CA certificate is to verify the authenticity and validity of a local
certificate.
Generating an RSA key pair is an important step in certificate request. The key pair
includes a public key and a private key. The private key is kept by the user, while the
public key is transferred to the CA along with some other information. For detailed
information about RSA key pair configuration, refer to SSH Configuration.
Follow these steps to submit a certificate request in manual mode:
Enter system view
Enter PKI domain view
Set the certificate request
mode to manual
Return to system view
Retrieve a CA certificate
manually
Generate a local RSA key
pair
Submit a local certificate
request
To do...
certificate request mode auto
[ key-length key-length |
password { cipher | simple }
password ] *
To do...
system-view
pki domain
domain-name
certificate request mode
manual
quit
Refer to
Certificate Manually
public-key local create
rsa
pki request-certificate
domain domain-name
[ password ] [ pkcs10
[ filename filename ] ]
Use the command...
Use the command...
Retrieving a
1-9
Chapter 1 PKI Configuration
Remarks
Required
Manual by default
Remarks
—
—
Optional
Manual by default
—
Required
Required
No local RSA key pair
exists by default.
Required
Advertisement
Chapters
Table of Contents
Troubleshooting
