4000 Router Series Security Command Reference

191

The specified length is effective on only a key pair to be generated. If the device already has a key pair

or a key pair is contained in an imported certificate, using this command to specify the key length for the

key pair does not take effect.

Examples

# Specify the RSA key pair abc with the purpose general and key length 2048 bits for certificate request.

<Sysname> system-view

[Sysname] pki domain aaa

[Sysname-pki-domain-aaa] public-key rsa general name abc length 2048

# Specify the RSA encryption key pair rsa1 with the key length 2048 bits, and the RSA signing key pair

sig1 with the key length 2048 bits for certificate request.

<Sysname> system-view

[Sysname] pki domain aaa

[Sysname-pki-domain-aaa] public-key rsa encryption name rsa1 length 2048

[Sysname-pki-domain-aaa] public-key rsa signature name sig1 length 2048

Related commands

• pki import

• public-key local create (see Security Command Reference)

root-certificate fingerprint

Use root-certificate fingerprint to set the fingerprint for verifying the validity of the CA root certificate.

Use undo root-certificate fingerprint to remove the configuration.

Syntax

In non-FIPS mode:

root-certificate fingerprint { md5 | sha1 } string

undo root-certificate fingerprint

In FIPS mode:

root-certificate fingerprint sha1 string

undo root-certificate fingerprint

Default

No fingerprint is set.

Views

PKI domain view

Predefined user roles

network-admin

Parameters

md5: Sets an MD5 fingerprint.

sha1: Sets a SHA1 fingerprint.