268
Destroying a local asymmetric key pair
You might have to destroy a local asymmetric key pair and generate a new pair when an intrusion
event has occurred, the storage media of the device is replaced, the asymmetric key has been used
for a long time, or the local certificate expires. For more information about the local certificate, see
"Configuring PKI."
To destroy a local asymmetric key pair:
Step Command
1. Enter system view.
system-view
2. Destroy a local asymmetric key pair.
public-key local destroy
{
dsa
|
rsa
} [
name
key-name ]
Configuring the local RSA key pair for certificate
request
In auto request mode, you can configure a PKI entity to generate an RSA key pair with a specific
name when the entity is triggered to submit a local certificate request. For more information about
local certificates, see "Configuring PKI."
To specify the RSA key pair for local certificate request:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter PKI domain view.
pki domain
domain-name N/A
3. (Optional) Specify an RSA
key pair for certificate
request.
public-key rsa general name
key-name
By default, the PKI entity uses the
RSA key pair that takes the
default name for certificate
request.
Exporting an RSA key pair
To copy a local RSA key pair to another device, you must export the RSA key pair on the local device
and then import it to the target device. For information about importing an RSA key pair, see
"Importing an RSA key pair."
T
o export an RSA key pair:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Export an RSA key pair in
PEM format.
public-key local export rsa name
key-name
pem
{
3des-cbc
|
aes-cbc-128
|
aes-cbc-192
|
aes-cbc-256
|
des-cbc
}
password
The command displays the
public key and private key of the
exported RSA key pair in PEM
format on the terminal. The
private key is encrypted by the
encryption algorithm and
password specified in the
command.
You cannot export the default
RSA key pair.
To Next Page
Loading...
Need help?
General
