
pki generate built-in-ca certificate

Function

The pki generate built-in-ca certificate command generates an SSL decryption certificate.

Format

pki generate built-in-ca certificate rsa-key-pair rsa-key-pair-name entity entity-name

Parameters

Parameter | Description | Value
rsa-key-pair rsa-key-pair-name | Specifies the name of the RSA key pair in an SSL decryption certificate. | The RSA key pair must exist in the memory.
entity entity-name | Specifies the PKI entity name. | The PKI entity must have been configured and have a common name. If the PKI entity does not have a common name, an SSL decryption certificate cannot be generated.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To act as a proxy for an SSL connection, the device follows the certificate information of the real server and uses the SSL decryption certificate to issue another certificate to the client.

The SSL decryption certificate file generated on the USG6000E is stored in the hda1:/ directory. The file is named <name of the RSA key pair of the SSL decryption certificate>_builtinca.cer.
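
The re-issuing step from the usage scenario, as an added Go example (not Huawei's code or the device's implementation): a constructed stand-in for the SSL decryption certificate (CN huawei, 2048-bit RSA) signs a substitute certificate for a constructed server identity, and Demo reports whether a client accepts it with and without that CA in its trust store. The function names, the host www.example.com and the validity period are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign makes a 2048-bit RSA key and a certificate for it from t, signed by parent/signer (nil parent: self-signed).
func sign(t, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, signer = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Demo checks the substitute certificate against a trust store with and without the CA; all values are constructed.
func Demo() (withCA, withoutCA bool, err error) {
	ca, caKey, err := sign(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "huawei"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}, nil, nil)
	if err != nil {
		return false, false, err
	}
	srv := x509.Certificate{Subject: pkix.Name{CommonName: "www.example.com"}, DNSNames: []string{"www.example.com"}} // fields read from the real server
	leaf, _, err := sign(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: srv.Subject, DNSNames: srv.DNSNames,
		NotBefore: ca.NotBefore, NotAfter: ca.NotAfter, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	if err != nil {
		return false, false, err
	}
	trusted, empty := x509.NewCertPool(), x509.NewCertPool()
	trusted.AddCert(ca)
	_, e1 := leaf.Verify(x509.VerifyOptions{Roots: trusted, DNSName: srv.DNSNames[0]})
	_, e2 := leaf.Verify(x509.VerifyOptions{Roots: empty, DNSName: srv.DNSNames[0]})
	return e1 == nil, e2 == nil, nil
}
func main() { fmt.Println(Demo()) }
```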

Prerequisites

  1. An RSA key pair of the SSL decryption certificate has been created using the pki rsa built-in-ca command or the RSA key pair has been imported to the memory of the device using the pki import built-in-ca rsa-key-pair command.
  2. A PKI entity has been created using the pki entity command.
  3. The common name of the PKI entity has been configured using the common-name command.

Example

# Generate an SSL decryption certificate.

<sysname> system-view
[sysname] pki rsa built-in-ca rsakey create
 Info: The name of the new key-pair will be: rsakey
 The size of the public key ranges from 2048 to 4096.
 Input the bits in the modules:2048
 Generating key-pairs...
........++++++
........++++++
[sysname] pki entity entity1
[sysname-pki-entity-entity1] common-name huawei
[sysname-pki-entity-entity1] quit
[sysname] pki generate built-in-ca certificate rsa-key-pair rsakey entity entity1
 Please enter the file name for built in CA certificate <length 1-64> : key1
Info: Generate built in CA certificate successfully.

# View the generated SSL decryption certificate.

<sysname> dir hda1:/
13  -rw-      1155  Oct 16 2013 13:54:10   key1
Copyright © Huawei Technologies Co., Ltd.