cmp request rsa local-key-pair

Function

The cmp request rsa local-key-pair command configures an RSA key pair to be used by a device to request a certificate through CMPv2.

The undo cmp request rsa local-key-pair command cancels the configuration.

By default, no RSA key pair is configured to be used by a device to request a certificate through CMPv2.

Format

cmp request rsa local-key-pair key-name [ regenerate [ key-bit ] ]

undo cmp request rsa local-key-pair

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| key-name | Specifies the name of an RSA key pair. | The value is a case-insensitive string of 1 to 31 characters. |
| regenerate | Indicates that RSA key pairs are updated during a certificate update. | - |
| key-bit | Specifies the number of bits in an RSA key pair generated during a certificate update. | The value is an integer ranging from 2048 to 4096. The default value is 2048. |

Views

PKI CMP session view, VS PKI CMP session view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
| --- | --- |
| pim | write |

Usage Guidelines

Usage Scenario

To apply for a certificate through CMPv2, you need to run the cmp request rsa local-key-pair command in the CMP session view.

Configuration Impact

Note the following points when you use the cmp request rsa local-key-pair command:

  • If you do not specify regenerate in the command, the system uses the original RSA key pairs during automatic certificate updates.
  • If you specify regenerate in the command, the system generates new RSA key pairs during certificate updates to request certificates and overwrites the original certificates and RSA key pairs with the new ones.

    The system stores the new RSA key pairs generated during certificate updates in a temporary cache. After the system obtains the new certificates, the system replaces the original RSA key pairs with the new ones.

Precautions

One RSA key pair can be referenced by only one CMP session or PKI domain.

Example

# Configure the RSA key pair to be referenced by CMP session session1 and configure the system to update the RSA key pair during a certificate update.
<HUAWEI> system-view
[~HUAWEI] pki domain domain1
[*HUAWEI-pki-domain-domain1] pki cmp session session1
[*HUAWEI-pki-domain-domain1-pki-cmp-session-session1] cmp request rsa local-key-pair key1 regenerate
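
The following Python script is an added example, not part of the original documentation or of any Huawei tool. It audits configuration text (for example, a template before it is applied) against the rules stated above: key-name length, key-bit range and default, and the precaution that one RSA key pair can be referenced by only one CMP session. The sample configuration, its indentation and the function name audit are assumptions made for illustration; references from PKI domains are not checked.

```python
import re
from collections import defaultdict

# Constructed sample configuration, modeled on the commands in the example above.
SAMPLE_CONFIG = """\
pki domain domain1
 pki cmp session session1
  cmp request rsa local-key-pair key1 regenerate
 pki cmp session session2
  cmp request rsa local-key-pair KEY1
pki domain domain2
 pki cmp session session3
  cmp request rsa local-key-pair key3 regenerate 1024
"""

SESSION = re.compile(r"^pki cmp session (\S+)$")
CMD = re.compile(
    r"^cmp request rsa local-key-pair (\S+)(?: (regenerate)(?: (\S+))?)?$")


def audit(config_text):
    """Return (entries, findings).

    entries: (session, key-name, regenerate, key-bit as text or None).
    """
    entries, findings = [], []
    users = defaultdict(list)  # lower-cased key-name -> sessions referencing it
    session = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if (m := SESSION.match(line)):
            session = m.group(1)
        elif (m := CMD.match(line)):
            name, regen, bits = m.group(1), bool(m.group(2)), m.group(3)
            if not 1 <= len(name) <= 31:
                findings.append(f"{session}: key-name length outside 1-31")
            if regen and bits is None:
                bits = "2048"  # documented default when key-bit is omitted
            if bits is not None and not (
                    bits.isdigit() and 2048 <= int(bits) <= 4096):
                findings.append(f"{session}: key-bit {bits} outside 2048-4096")
            entries.append((session, name, regen, bits))
            # key-name is case-insensitive, so key1 and KEY1 are one key pair
            users[name.lower()].append(session)
    for name, sessions in users.items():
        if len(sessions) > 1:
            findings.append(
                f"key pair {name} referenced by {', '.join(sessions)}")
    return entries, findings
```

Sessions listed with regenerate set to False keep the original RSA key pair across automatic certificate updates, as described under Configuration Impact.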
Copyright © Huawei Technologies Co., Ltd.