
pki create-certificate

Function

The pki create-certificate command creates a self-signed certificate or local certificate.

Format

pki create-certificate [ self-signed ] filename file-name

Parameters

Parameter: self-signed

Description: Creates a self-signed certificate. If this parameter is not specified, a local certificate is created.

  • A self-signed certificate is issued by a PKI device itself. In a self-signed certificate, the certificate issuer and subject are the same.

  • A local certificate is issued by a PKI entity itself based on the certificate issued by a CA. The issuer in a local certificate is the CA.

Value: -

Parameter: filename file-name

Description: Specifies the name of a certificate file.

Value: The value is a string of 1 to 64 case-insensitive characters without spaces or question marks.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After a self-signed certificate or local certificate is generated by the device, the certificate file is saved on the storage device as a PEM file. You can export the certificate for other devices to use. This simplifies the certificate issuance process.

When you run the pki create-certificate command, the system asks you to enter certificate information, for example, PKI entity parameters, certificate file name, certificate validity period, and RSA key length.

Precautions

The device does not provide lifecycle management for self-signed certificates. For example, self-signed certificates cannot be updated or revoked on the device. To ensure the security of the device and certificates, a local certificate is recommended.

The virtual system supports only self-signed certificates; it does not support local certificates issued by a CA.

Example

# Create a self-signed certificate named huawei.

<sysname> system-view
[sysname] pki create-certificate self-signed filename huawei
Copyright © Huawei Technologies Co., Ltd.