
pki rsa local-key-pair create

Function

The pki rsa local-key-pair create command creates the specified RSA key pair.

Format

pki rsa local-key-pair create key-name [ modulus modulus-size ] [ exportable ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| key-name | Specifies the name of the RSA key pair to be created. | The value is a string of 1 to 64 case-sensitive characters without question marks (?) or spaces. If the string is enclosed in double quotation marks (" "), the string can contain spaces. |
| modulus modulus-size | Specifies the size of the RSA key pair. | The value is an integer that ranges from 2048 to 4096. The default value is 2048. |
| exportable | Indicates that the new RSA key pair can be exported from the device. | - |

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When a PKI entity requests a certificate from the CA, the certificate enrollment request that it sends contains information such as the public key. Run this command to create the RSA key pair for the certificate request.

Windows Server 2003 has low processing performance. For the device to connect to a Windows Server 2003, the device cannot have too many entities configured or use a large key pair.

Precautions

When the key pair is created, the system prompts the user to enter the number of bits of the RSA key pair. A longer key pair is harder to crack and therefore more secure, but encryption is slower. It is recommended that the number of bits of the RSA key pair exceed 2048; otherwise, there are security risks.

The name of an RSA key pair cannot exceed 50 characters. When an RSA key pair is imported together with its certificate, the PKI system appends _localx.cer to the name of the RSA key pair to generate the certificate file name and saves the file to the storage component. If the name exceeds 50 characters, the total number of characters exceeds 64, and the certificate file cannot be saved to the storage component.

An RSA key pair referenced by PKI realms cannot be overwritten. It can be overwritten only after the reference relationship is removed.

If the name of the new RSA key pair is the same as that of a pair on the device, the system prompts the user to decide whether to overwrite the existing pair.
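
The following pre-flight check is an added example, not part of the original page or of the vendor's software. It applies the parameter limits and precautions above before a command line is pushed to a device; the function name, the warning texts, and the rejection of quotes and non-space whitespace are assumptions made for the illustration.

```python
# Added example: pre-flight check for "pki rsa local-key-pair create" arguments.
MIN_BITS, MAX_BITS, DEFAULT_BITS = 2048, 4096, 2048  # range and default from this page
MAX_NAME = 64            # key-name length limit from the parameter table
MAX_NAME_WITH_CERT = 50  # limit from Precautions (certificate file name on import)


def build_create_command(key_name, modulus=None, exportable=False):
    """Return (command, warnings); raise ValueError for values the page rules out."""
    if not 1 <= len(key_name) <= MAX_NAME:
        raise ValueError("key-name must be 1 to 64 characters")
    if "?" in key_name:
        raise ValueError("key-name must not contain a question mark")
    # Assumption: the page does not describe escaping, so quotes and
    # whitespace other than a plain space are rejected here.
    if '"' in key_name or any(c.isspace() and c != " " for c in key_name):
        raise ValueError("key-name contains a quote or control whitespace")
    if modulus is not None and (
        isinstance(modulus, bool) or not isinstance(modulus, int)
        or not MIN_BITS <= modulus <= MAX_BITS
    ):
        raise ValueError("modulus must be an integer from 2048 to 4096")

    warnings = []
    if len(key_name) > MAX_NAME_WITH_CERT:
        warnings.append("name exceeds 50 characters: a certificate imported "
                        "with this key pair cannot be saved")
    bits = DEFAULT_BITS if modulus is None else modulus
    if bits <= 2048:
        warnings.append(f"{bits}-bit key: the page recommends more than 2048 bits")

    # A name containing spaces must be enclosed in double quotation marks.
    token = f'"{key_name}"' if " " in key_name else key_name
    parts = ["pki rsa local-key-pair create", token]
    if modulus is not None:
        parts += ["modulus", str(modulus)]
    if exportable:
        parts.append("exportable")
    return " ".join(parts), warnings


if __name__ == "__main__":
    # Constructed sample inputs.
    for args in [("test",), ("branch vpn", 3072, True), ("k" * 51, 4096)]:
        cmd, notes = build_create_command(*args)
        print(cmd)
        for n in notes:
            print("  warning:", n)
```
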

Example

# Create a 2048-bit RSA key pair named test.

<HUAWEI> system-view
[HUAWEI] pki rsa local-key-pair create test
 Info: The name of the new key-pair will be: test                               
 The size of the public key ranges from 2048 to 4096.                                   
 Input the bits in the modules:2048                              
 Generating key-pairs...                                                             
......+++                                                              
.......+++
Copyright © Huawei Technologies Co., Ltd.