Destroying A Local Rsa Key Pair; Deleting A Certificate - H3C S5500-EI series Operation Manual
Hide thumbs
Also See for S5500-EI series:
- Configuration manual (490 pages) ,
- Security configuration manual (448 pages) ,
- Operation manual (216 pages)
Table of Contents
Advertisement
Operation Manual – PKI
H3C S5500-EI Series Ethernet Switches
Note:
The CRL update period refers to the interval at which the entity downloads CRLs
from the CRL server. The CRL update period configured manually is prior to that
specified in the CRLs.
The pki retrieval-crl domain configuration will not be saved in the configuration
file.
1.8 Destroying a Local RSA Key Pair
A certificate has a lifetime, which is determined by the CA. When the private key leaks
or the certificate is about to expire, you can destroy the old RSA key pair and then
create a pair to request a new certificate.
Follow these steps to destroy a local RSA key pair:
Enter system view
Destroy a local RSA key pair
Note:
For details about the public-key local destroy rsa command, refer to SSH
Commands.
1.9 Deleting a Certificate
When a certificate requested manually is about to expire or you want to request a new
certificate, you can delete the current local certificate or CA certificate.
Follow these steps to delete a certificate:
Enter system view
Delete certificates
To do...
To do...
system-view
pki delete-certificate { ca | local }
domain domain-name
Use the command...
system-view
public-key local destroy rsa
Use the command...
1-13
Chapter 1 PKI Configuration
Remarks
—
Required
Remarks
—
Required
Advertisement
Chapters
Table of Contents
Troubleshooting
