< Home

enrollment-request signature message-digest-method

Function

The enrollment-request signature message-digest-method command configures the digest algorithm used to sign certificate enrollment requests.

The undo enrollment-request signature message-digest-method command restores the default digest algorithm used to sign certificate enrollment requests.

By default, the digest algorithm used to sign certificate enrollment requests is sha-256.

Format

enrollment-request signature message-digest-method { md5 | sha-1 | sha-256 | sha-384 | sha-512 }

undo enrollment-request signature message-digest-method

Parameters

Parameter Description Value

md5

Specifies the digest algorithm used to sign certificate enrollment requests to MD5.

-

sha-1

Specifies the digest algorithm used to sign certificate enrollment requests to SHA1.

-

sha-256

Specifies the digest algorithm used to sign certificate enrollment requests to SHA2-256.

-

sha-384

Specifies the digest algorithm used to sign certificate enrollment requests to SHA2-384.

-

sha-512

Specifies the digest algorithm used to sign certificate enrollment requests to SHA2-512.

-

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

In SCEP local certificate application mode, after a CA server receives a certificate enrollment request from a PKI entity, the CA server requests a signature for authentication, and generates a local certificate only after the authentication is successful.

For security purposes, the SHA2 algorithm is recommended. MD5 is not recommended.

Example

# Set the digest algorithm used to sign certificate enrollment requests to sha-384.

<HUAWEI> system-view
[HUAWEI] pki realm e
[HUAWEI-pki-realm-e] enrollment-request signature message-digest-method sha-384
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >