| Parameter | Description | Value |
|---|---|---|
| domain-name |
Indicates the name of the PKI domain. |
It is a string of 1 to 31 case sensitive characters. |
| pkcs10 |
Indicates that the certificate request file formatted PKCS10 is generated, and used for the offline application of the certificate. |
- |
| signature-algorithm |
Indicates the signature algorithm. |
- |
| sha2-256 |
Indicates that SHA2-256 is used as a signature algorithm. |
- |
| sha2-384 |
Indicates that SHA2-384 is used as a signature algorithm. |
- |
| sha2-512 |
Indicates that SHA2-512 is used as a signature algorithm. |
- |
Usage Scenario
Currently, the device only supports the offline application of the certificate. The user needs to generate a certificate request file on the device, and sends the file to the CA through the methods such as disks, and emails to apply for the local certificate.
To generate the certificate request file, run the pki request-certificate domain command. The file name is domain-name.req, and SHA2-256 is used as the signature algorithm by default. SHA2-256 uses a 256-bit key, SHA2-384 uses a 384-bit key, and SHA2-512 uses a 512-bit key. A longer key has a higher security but a lower calculating rate.<HUAWEI> system-view [~HUAWEI] pki entity entity1 [*HUAWEI-pki-entity-entity1] ip-address 10.1.1.1 [*HUAWEI-pki-entity-entity1] common-name test [*HUAWEI-pki-entity-entity1] commit [~HUAWEI-pki-entity-entity1] quit [~HUAWEI] pki domain domain1 [*HUAWEI-pki-domain-domain1] certificate request entity entity1 [*HUAWEI-pki-domain-domain1] quit [*HUAWEI] pki request-certificate domain domain1 pkcs10 signature-algorithm sha2-384