The enrollment self-signed command configures the PKI realm to obtain a self-signed certificate.
The undo enrollment self-signed command restores the default certificate obtaining method.
By default, the certificate in any PKI realm other than the PKI realm default is obtained in SCEP mode.
By default, obtaining a self-signed certificate in the PKI realm is not configured.
Usage Scenario
The enrollment self-signed command configures the PKI realm to obtain a self-signed certificate. The device can use the self-signed certificate obtained from the PKI realm to support default HTTPS functions. The certificate issuer name uses the format device name-Self-Signed-Certificate-ESN.
Prerequisites
The RSA key pair has been configured by using the rsa local-key-pair command.
Precautions
The device generates a self-signed certificate only when the PKI domain is applied to the service.
The device does not support lifecycle management for self-signed certificates. For example, self-signed certificates cannot be registered, updated, or revoked on the device. To ensure the security of the device and its certificates, you are advised to use your own certificate instead.
Before you configure the PKI realm to obtain a self-signed certificate, delete the certificate in the PKI realm.
After the enrollment self-signed command is run, the device will not generate certificate expiration logs when its self-signed certificate expires.
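Because the device neither manages the lifecycle of its self-signed certificate nor logs its expiration, expiry has to be tracked from outside the device. The following is an added example, not part of the original command reference: it classifies certificates from the text printed by `openssl x509 -noout -issuer -enddate`, using the issuer name format given above. The host names, device names, ESNs, dates and the 30-day threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Issuer name format stated on the page: <device name>-Self-Signed-Certificate-<ESN>.
# Assumption: the ESN is alphanumeric and the name is an issuer DN attribute value.
ISSUER_RE = re.compile(r"(?:^|=)\s*([^=,]+)-Self-Signed-Certificate-([A-Za-z0-9]+)")

def classify(text, now, warn_days=30):
    """Classify one certificate from `openssl x509 -noout -issuer -enddate` output."""
    issuer = not_after = None
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "issuer":
            issuer = value.strip()
        elif key.strip() == "notAfter":
            stamp = " ".join(value.split())  # collapse the padded day ("Jun  1")
            not_after = datetime.strptime(
                stamp, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    if issuer is None or not_after is None:
        raise ValueError("expected issuer= and notAfter= lines")
    match = ISSUER_RE.search(issuer)
    if match is None:
        return None  # issuer does not follow the device self-signed format
    days_left = (not_after - now).days
    if not_after <= now:
        status = "EXPIRED"
    elif days_left <= warn_days:
        status = "EXPIRING"
    else:
        status = "OK"
    return {"device_name": match.group(1), "esn": match.group(2),
            "days_left": days_left, "status": status}

def audit(records, now, warn_days=30):
    """Return {host: finding} for self-signed certificates that need attention."""
    results = {host: classify(text, now, warn_days) for host, text in records.items()}
    return {h: r for h, r in results.items() if r and r["status"] != "OK"}

# Constructed sample input: hosts, device names, ESNs and dates are made up.
SAMPLE = {
    "sw-core-01": "issuer=CN = SW-Core-01-Self-Signed-Certificate-ESN0000000001\nnotAfter=May  2 08:00:00 2025 GMT",
    "sw-access-07": "issuer=CN = Access07-Self-Signed-Certificate-ESN0000000002\nnotAfter=Jun 20 08:00:00 2025 GMT",
    "sw-dist-02": "issuer=CN = Dist02-Self-Signed-Certificate-ESN0000000003\nnotAfter=Jan 15 00:00:00 2030 GMT",
    "fw-edge-01": "issuer=C = XX, O = Example Corp, CN = Example Issuing CA\nnotAfter=Jun 10 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    for host, f in audit(SAMPLE, datetime.now(timezone.utc)).items():
        print(host, f["status"], f["days_left"], "days left, ESN", f["esn"])
```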