The pki built-in-ca match-rsa-key command configures a device to search for the RSA key pair associated with a specific SSL decryption certificate.
| Parameter | Description | Value |
|---|---|---|
| file-name | Specifies the name of an SSL decryption certificate. | It must be the name of an existing SSL decryption certificate. |
Usage Scenario
Run this command to view the RSA key pair associated with an SSL decryption certificate. Then the system searches all local RSA key pairs for the desired one, and displays the key pair name.
Prerequisites
An SSL decryption certificate has been generated using the pki generate built-in-ca certificate command or an SSL decryption certificate has been imported.
# Configure a device to search for the RSA key pair that matches the certificate file rsakey_builtinca.cer.
<sysname> system-view [sysname] pki generate built-in-ca certificate rsa-key-pair rsakey entity entity1 Please enter the file name for built in CA certificate <length 1-64> : rsakey_builtinca.cer Info: Generate built in CA certificate successfully. [sysname] pki built-in-ca match-rsa-key certificate-filename rsakey_builtinca.cer Info: The file rsakey_builtinca.cer contains certificates 1. Info: Certificate 1 from file rsakey_builtinca.cer matches RSA key rsakey.