To Next Page

To Previous Page

501

public-key rsa

Use public-key rsa to specify an RSA key pair for certificate request.

Use undo public-key to restore the default.

Syntax

public-key rsa { { encryption name encryption-key-name [ length key-length ] | signature name

signature-key-name [ length key-length ] } * | general name key-name [ length key-length ] }

undo public-key

Default

No key pair is specified for certificate request.

Views

PKI domain view

Predefined user roles

network-admin

Parameters

encryption: Specifies a key pair for encryption.

name encryption-key-name: Specifies a key pair name, a case-insensitive string of 1 to 64

characters. The key pair name can contain only letters, digits, and hyphens (-).

signature: Specifies a key pair for signing.

name signature-key-name: Specifies a key pair name, a case-insensitive string of 1 to 64

characters. The key pair name can contain only letters, digits, and hyphens (-).

general: Specifies a key pair for both signing and encryption.

name key-name: Specifies a key pair name, a case-insensitive string of 1 to 64 characters. The key

pair name can contain only letters, digits, and hyphens (-).

length key-length: Specifies the key length, in bits. In non-FIPS mode, the value range is 512 to

2048, and the default is 1024. In FIPS mode, the value must be 2048. A longer key means higher

security but more public key calculation time.

Usage guidelines

You can specify a nonexistent key pair in this command. You can get a key pair in any of the following

ways:

• Use the public-key local create command to generate a key pair.

• An application, like IKE using digital signature authentication, triggers the device to generate a

key pair.

• Use the pki import command to import a certificate containing a key pair.

A PKI domain can have key pairs using only one type of cryptographic algorithm (DSA, ECDSA, or

RSA).

• If DSA or ECDSA is used, a PKI domain can have only one key pair. If you configure a DSA or

ECDSA key pair multiple times, the most recent configuration takes effect.

• If RSA is used, a PKI domain can have two key pairs of different purposes: one is the signing

key pair, and the other is the encryption key pair. If you configure an RSA signing key pair or

RSA encryption key pair multiple times, the most recent configuration takes effect. The RSA

signing key pair and encryption key pair do not overwrite each other.

If you specify a signing key pair and an encryption key pair separately, their key length can be

different.

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS