pki rsa built-in-ca

Function

The pki rsa built-in-ca command creates, overwrites, or destroys the RSA key pair in an SSL decryption certificate.

Format

pki rsa built-in-ca key-name { create [ exportable ] | destroy }

Parameters

Parameter | Description | Value
key-name | Specifies the name of the RSA key pair in an SSL decryption certificate. | The value is a string of 1 to 64 case-sensitive characters without question marks and spaces. If the character string is enclosed in double quotation marks, it can contain spaces and question marks.
create | Creates the RSA key pair of the SSL decryption certificate. | -
exportable | Marks the created RSA key pair as exportable. | -
destroy | Destroys the RSA key pair of the SSL decryption certificate. | -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When the device uses the SSL decryption certificate to perform the proxy function for the SSL connection, the certificate must contain a public key. Run this command to create the RSA key pair of the SSL decryption certificate.

If the RSA key pair is referenced by the certificate and has been imported to the memory, you cannot overwrite or destroy the pair directly. To overwrite or destroy the RSA key pair, first run the pki delete-certificate built-in-ca command to delete the SSL decryption certificate from the memory.

When creating or overwriting the RSA key pair, you must enter the number of bits of the RSA key pair. The default value is 2048.

Precautions

The name of an RSA key pair cannot exceed 50 characters. When an RSA key pair is imported together with its certificate, the PKI system appends _builtinca.cer to the name of the RSA key pair to generate the certificate file name and saves the file to the storage component. If the name exceeds 50 characters, the file name exceeds 64 characters and the certificate file cannot be saved to the storage component.

When creating the key pair, the system prompts the user to enter the number of bits of the RSA key pair. The longer the key, the harder it is to crack and the more secure the encryption, but the slower the algorithm. It is recommended that the number of bits of the RSA key pair exceed 2048; otherwise, security risks exist.
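
The following pre-change check is an added example, not part of the original page or of any Huawei tooling. It applies the format, name and key-size rules stated above to planned command lines; the function name audit, the finding texts and the sample plan are assumptions made for this example.

```python
import re

SUFFIX = "_builtinca.cer"        # appended by the PKI system, per the Precautions
MAX_FILE_NAME = 64               # longest certificate file name that can be saved
MIN_BITS, MAX_BITS = 2048, 4096  # range shown by the CLI prompt in the Example

# Documented format: pki rsa built-in-ca key-name { create [ exportable ] | destroy }
CMD = re.compile(
    r'pki\s+rsa\s+built-in-ca\s+(?:"([^"]*)"|(\S+))\s+'
    r'(create(?:\s+exportable)?|destroy)'
)

def audit(line, bits=2048):
    """Return a list of findings for one planned command (empty list = clean)."""
    m = CMD.fullmatch(line.strip())
    if not m:
        return ["syntax: does not match the documented format"]
    quoted, bare, action = m.groups()
    name = quoted if quoted is not None else bare
    findings = []
    if not 1 <= len(name) <= 64:
        findings.append("name: must be 1 to 64 characters")
    if bare is not None and "?" in bare:
        findings.append("name: a question mark requires double quotation marks")
    if len(name) + len(SUFFIX) > MAX_FILE_NAME:
        findings.append("file: %s%s is longer than %d characters"
                        % (name, SUFFIX, MAX_FILE_NAME))
    if action.startswith("create"):
        if action.endswith("exportable"):
            # Review prompt chosen for this example, not a device message.
            findings.append("exportable: confirm the key pair must leave the device")
        if not MIN_BITS <= bits <= MAX_BITS:
            findings.append("bits: %d is outside %d to %d" % (bits, MIN_BITS, MAX_BITS))
    return findings

# Constructed sample change plan: (command, requested key size in bits).
PLAN = [
    ("pki rsa built-in-ca rsakey create", 2048),
    ('pki rsa built-in-ca "proxy key" create exportable', 4096),
    ("pki rsa built-in-ca " + "k" * 51 + " create", 2048),
    ("pki rsa built-in-ca rsa?key destroy", 2048),
    ("pki rsa built-in-ca legacy create", 1024),
]

if __name__ == "__main__":
    for command, bits in PLAN:
        print(command, "->", audit(command, bits) or "ok")
```
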

Example

# Create an RSA key pair rsakey.

<sysname> system-view
[sysname] pki rsa built-in-ca rsakey create
 Info: The name of the new key-pair will be: rsakey
 The size of the public key ranges from 2048 to 4096.
 Input the bits in the modules:2048
 Generating key-pairs...
........++++++
........++++++
Copyright © Huawei Technologies Co., Ltd.