Step 3 Run:
fingerprint { md5 | sha1 } fingerprint
The CA certificate fingerprint used in CA certificate authentication is configured.
A CA certificate fingerprint is usually sent to the AR1200-S using emails. By default, no CA
certificate fingerprint is configured on the AR1200-S.
----End
12.4.6 (Optional) Configuring a Certificate Revocation Password
Configuring a certificate revocation password prevents users from incorrectly revoking
certificates. This improves operation security.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
pki realm realm-name
A PKI domain is configured.
By default, no PKI domain is configured on the AR1200-S.
Step 3 Run:
password [ cipher ] password
A certificate revocation password is configured.
By default, no certificate revocation password is configured on the AR1200-S.
----End
12.4.7 (Optional) Configuring the RSA Key Length of Certificates
After the RSA key length of certificates is set, the AR1200-S generates the RSA key of the
specified length when requesting a certificate.
Context
An RSA key pair contains a public key and a private key. When host A requests a certificate,
the certificate request must contain the public key. After a certificate is granted to host A, host
B uses the public key of host A to encrypt data sent to host A. Host A saves the private key and
uses it to decrypt data sent from host B or generates a digital signature for data sent to host B.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 12 PKI Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
243
To Next Page
Loading...
