R2511-HP MSR Router Series Security Command Reference(V5)
310
password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be
a string of 1 to 31 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
manual: Specifies the certificate request mode as manual..
Usage guidelines
In auto request mode, an entity automatically requests a certificate from a CA if the entity does not have
a local certificate. If the num-days argument is specified, the entity automatically requests a new
certificate the specified number of days before the current certificate expires. In manual request mode, all
operations associated with certificate request are performed manually.
If the before-expire keyword is specified but the regenerate keyword is not specified, an entity uses the
old RSA key pair for certificate renewal request.
If both the before-expire and regenerate keywords are specified, an entity generates a new RSA key pair
each time it submits a certificate renewal request. The new RSA key pair overwrites the old one, which
might interrupt other services that are using the old RSA key pair. Therefore, HP recommends that you use
the public-key rsa general name command to designate a specific RSA key pair for this purpose.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Examples
# Specify to request a certificate in auto mode.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] certificate request mode auto
Related commands
pki request-certificate
certificate request polling
Use certificate request polling to specify the certificate request polling interval and attempt limit.
Use undo certificate request polling to restore the defaults.
Syntax
certificate request polling { count count | interval minutes }
undo certificate request polling { count | interval }
Default
The polling is executed every 20 minutes for up to 50 times.
Views
PKI domain view
Default command level
2: System level
Parameters
count count: Specifies the maximum number of attempts to poll the status of the certificate request. The
value range is 1 to 100.
interval minutes: Specifies the polling interval in minutes, in the range of 5 to 168.