< Home

Configuring a Self-Signed Certificate

Context

If a device fails to request a local certificate from the CA, it can generate a self-signed certificate. The generated certificate is saved in the storage device as a file and issued to a PKI entity. You can export the certificate and transfer it to another device.

A device does not support lifecycle management (such as certificate update and revocation) over its self-signed certificate. To ensure security of the device and certificate, you are advised to replace the self-signed certificate with the local certificate.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run pki create-certificate self-signed filename file-name

    A self-signed certificate is created.

    During the configuration, you will be prompted to enter the certificate information, such as PKI entity attributes, the certificate file name, the certificate validity period, and length of the RSA key pair.

    The file format of the created self-signed certificate is PEM.

Parent Topic: Configuring the Extended Functions
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >