pki request-certificate domain pkcs10

Function

The pki request-certificate domain command generates the certificate request file.

Format

pki request-certificate domain domain-name pkcs10

Parameters

Parameter Description Value
domain-name

Indicates the name of the PKI domain.

It is a string of 1 to 31 case sensitive characters.
pkcs10

Indicates that the certificate request file formatted PKCS10 is generated, and used for the offline application of the certificate.

-

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
pki execute

Usage Guidelines

Usage Scenario

Currently, the device only supports the offline application of the certificate. The user needs to generate a certificate request file on the device, and sends the file to the CA through the methods such as disks, and emails to apply for the local certificate.

To generate the certificate request file, run the pki request-certificate domain command. The file name is domain-name.req, and SHA2-256 is used as the signature algorithm by default. MD5 uses a 128-bit key, SHA1 uses a 160-bit key, SHA2-256 uses a 256-bit key, SHA2-384 uses a 384-bit key, and SHA2-512 uses a 512-bit key. A longer key has a higher security but a lower calculating rate. Configuring MD5 or SHA1 is not recommended for the sake of security.

Example

# Generate the certificate request file.
<HUAWEI> system-view
[~HUAWEI] pki entity entity1
[*HUAWEI-pki-entity-entity1] ip-address 10.1.1.1
[*HUAWEI-pki-entity-entity1] common-name test
[*HUAWEI-pki-entity-entity1] commit
[~HUAWEI-pki-entity-entity1] quit
[~HUAWEI] pki domain domain1
[*HUAWEI-pki-domain-domain1] certificate request entity entity1
[*HUAWEI-pki-domain-domain1] quit
[*HUAWEI] pki request-certificate domain domain1 pkcs10
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >