self-signed rsa modulus
Function
The self-signed rsa modulus command generates the RSA self-signed certificate.
The undo self-signed rsa modulus command cancels the generated RSA self-signed certificate.
By default, a self-signed RSA certificate is not generated.
This command is supported only on the NetEngine 8000 F1A.
Usage Guidelines
Usage Scenario
In the HTTPS redirect application scenario, if no certificate is imported to a device, you can run the self-signed rsa modulus command to configure an RSA self-signed certificate to complete the HTTPS interaction with the client. Otherwise, the HTTPS redirection function is unavailable.
Precautions
- Configuring the key length as 1024 improves the performance, but the security level is low. Therefore, if the key length is 1024, a prompt will be displayed asking you to configure an RSA module with the length of 2048. Most browsers have deleted the 1024-bit root certificate from trusted root certificates, and some browsers have stopped supporting 1024-bit root certificates, leading to a failure in HTTPS redirection. Therefore, you are advised to use a 2048-bit self-signed certificate.
- By default, the validity period of an RSA self-signed certificate is 10 years. After the validity time is expiring, the device does not automatically update or trigger alarms or perform HTTPS redirection. To update the RSA self-signed certificate, run the undo self-signed rsa modulus command to cancel the generated RSA self-signed certificate and then reconfigure an RSA self-signed certificate.
- In VS mode, this command is supported only by the admin VS.