R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
To do…                                      Use the command…                                                                                    Remarks
Set the certificate request mode to auto    certificate request mode auto [ key-length key-length | password { cipher | simple } password ] *   Required. Manual by default.
NOTE:
If a certificate will expire or has expired, the entity does not initiate a re-request automatically, and the
service using the certificate might be interrupted. To have a new local certificate, request one manually.
Submitting a certificate request in manual mode
In manual mode, you need to retrieve a CA certificate, generate a local RSA key pair, and submit a local
certificate request for an entity.
The goal of retrieving a CA certificate is to verify the authenticity and validity of a local certificate.
Generating an RSA key pair is an important step in certificate request. The key pair includes a public key
and a private key. The private key is kept by the user. The public key is transferred to the CA along with
some other information. For more information about RSA and DSA key pair configuration, see the
chapter “Public key configuration.”
Follow these steps to submit a certificate request in manual mode:
To do…                                         Use the command…                                                                            Remarks
Enter system view                              system-view                                                                                 —
Enter PKI domain view                          pki domain domain-name                                                                      —
Set the certificate request mode to manual     certificate request mode manual                                                             Optional. Manual by default.
Return to system view                          quit                                                                                        —
Retrieve a CA certificate manually             See “Retrieving a certificate manually”                                                     Required
Generate a local RSA or DSA key pair           public-key local create { dsa | rsa }                                                       Required. No local RSA or DSA key pair exists by default.
Submit a local certificate request manually    pki request-certificate domain domain-name [ password ] [ pkcs10 [ filename filename ] ]    Required
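
When the last step saves the request with the pkcs10 filename option, the file can be checked on a workstation before it is handed to the CA. The script below is an added example, not part of the original guide: it assumes the saved request is PEM-encoded and that openssl is installed, and the file names, subject and 2048-bit minimum are constructed for illustration.

```shell
#!/bin/sh
# Offline checks on a PKCS#10 request file before it is handed to the CA.
# Assumptions: the file is PEM-encoded and openssl is installed on the
# admin workstation; file names and the subject below are constructed.

# check_csr FILE [MIN_BITS] -> returns 0 only if every check passes.
check_csr() {
    csr=$1
    min_bits=${2:-2048}

    # The request carries the public key only; the private key stays on the device.
    if grep -q 'PRIVATE KEY' "$csr" 2>/dev/null; then
        echo "FAIL: private key material in $csr"; return 1
    fi

    # The request is signed with the private key; a bad signature means the
    # file was altered or does not match the key pair.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: request signature does not verify"; return 1
    fi

    # Key length as recorded in the request.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: key length ${bits:-unknown} is below $min_bits bits"; return 1
    fi

    # Print the subject so it can be compared with the configured PKI entity.
    openssl req -in "$csr" -noout -subject
    echo "OK: $bits-bit key, signature verifies"
}

# Constructed stand-in for the file the device writes: a throwaway key pair
# and request generated locally. Usage: make_sample_csr OUTFILE BITS
make_sample_csr() {
    openssl req -new -newkey "rsa:$2" -nodes -keyout "$1.key" \
        -subj "/CN=fw1.example.test" -out "$1" >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/fw1.p10" 2048
check_csr "$tmp/fw1.p10"
rm -rf "$tmp"
```
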