R2511-HP MSR Router Series Security Configuration Guide(V5)
Destroying a local asymmetric key pair
You might have to destroy a local asymmetric key pair and generate a new pair when an intrusion event
has occurred, the storage media of the device is replaced, the asymmetric key has been used for a long
time, or the local certificate expires. For more information about the local certificate, see "Configuring
PKI."
To destroy a local asymmetric key pair:
Step | Command
1. Enter system view. | system-view
2. Destroy a local asymmetric key pair. | public-key local destroy { dsa | rsa } [ name key-name ]
Configuring the local RSA key pair for certificate request
In auto request mode, you can configure a PKI entity to generate an RSA key pair with a specific name
when the entity is triggered to submit a local certificate request. For more information about local
certificates, see "Configuring PKI."
To specify the RSA key pair for local certificate request:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter PKI domain view. | pki domain domain-name | N/A
3. (Optional) Specify an RSA key pair for certificate request. | public-key rsa general name key-name | By default, the PKI entity uses the RSA key pair that takes the default name for certificate request.
Exporting an RSA key pair
To copy a local RSA key pair to another device, you must export the RSA key pair on the local device and
then import it to the target device. For information about importing an RSA key pair, see "Importing an
RSA key pair."
To export an RSA key pair:
Step | Command | Remarks
1. Enter system view. | system-view | N/A










