The rsa local-key-pair command configures the RSA key pair used to request a certificate using SCEP or in offline mode.
The undo rsa local-key-pair command deletes the RSA key pair used to request a certificate using SCEP or in offline mode.
By default, the system does not configure the RSA key pair used to request a certificate using SCEP or in offline mode.
| Parameter | Description | Value |
|---|---|---|
| key-name | Specifies the name of the RSA key pair. | The value must be an existing RSA key pair name. |
Usage Scenario
The PKI entity that requests a certificate from the CA using SCEP or in offline PKCS#10 mode must contain a public key. Run this command to configure the RSA key pair.
Prerequisites
The RSA key pair for certificate application has been created using the pki rsa local-key-pair create command or the RSA key pair has been imported to the memory using the pki import rsa-key-pair command.
Precautions
An RSA key pair can be referenced by only one PKI realm.
# Configure the RSA key pair that is referenced by the PKI realm test.
<HUAWEI> system-view [HUAWEI] pki rsa local-key-pair create test Info: The name of the new key-pair will be: test The size of the public key ranges from 512 to 4096. Input the bits in the modules:2048 Generating key-pairs... .........................+++ ................................................................................ ........+++ [HUAWEI] pki realm test [HUAWEI-pki-realm-test] rsa local-key-pair test