The specified elliptic curve takes effect only if you specify a nonexistent key pair. The device will
automatically create the key pair by using the specified name and curve before submitting a
certificate request. The curve parameter is ignored if the specified key pair already exists or is
already contained in an imported certificate.
Examples
# Specify 384-bit ECDSA key pair abc for certificate request.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] public-key ecdsa name abc secp384r1
Related commands
pki import
public-key local create
public-key rsa
Use public-key rsa to specify an RSA key pair for certificate request.
Use undo public-key to restore the default.
Syntax
public-key rsa { { encryption name encryption-key-name [ length key-length ] | signature name signature-key-name [ length key-length ] } * | general name key-name [ length key-length ] }
undo public-key
Default
No key pair is specified for certificate request.
Views
PKI domain view
Predefined user roles
network-admin
mdc-admin
Parameters
encryption: Specifies a key pair for encryption.
name encryption-key-name: Specifies a key pair name, a case-insensitive string of 1 to 64 characters. The key pair name can contain only letters, digits, and hyphens (-).
signature: Specifies a key pair for signing.
name signature-key-name: Specifies a key pair name, a case-insensitive string of 1 to 64 characters. The key pair name can contain only letters, digits, and hyphens (-).
general: Specifies a key pair for both signing and encryption.
name key-name: Specifies a key pair name, a case-insensitive string of 1 to 64 characters. The key pair name can contain only letters, digits, and hyphens (-).
length key-length: Specifies the key length, in bits. In non-FIPS mode, the value range is 512 to 2048, and the default is 1024. In FIPS mode, the value must be 2048. A longer key means higher security but more public key calculation time.
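The following Python check is an added example, not part of the original manual. It scans saved configuration text for public-key rsa commands inside PKI domains and reports key pairs below 2048 bits, counting an omitted length as the 1024-bit non-FIPS default described above. The configuration layout (one command per line, # between sections), the 2048-bit threshold, and the sample text are assumptions.

```python
import re

# One key-pair clause from the documented syntax:
#   { encryption | signature | general } name <key-name> [ length <bits> ]
KEY_RE = re.compile(
    r"\b(encryption|signature|general)\s+name\s+([A-Za-z0-9-]{1,64})"
    r"(?:\s+length\s+(\d+))?"
)
DEFAULT_BITS = 1024  # non-FIPS default when length is omitted
MIN_BITS = 2048      # assumed audit policy: the value FIPS mode requires


def audit_rsa_keys(config_text, min_bits=MIN_BITS):
    """Return (domain, role, key_name, bits, explicit) for each weak RSA key pair."""
    findings = []
    domain = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("pki domain "):
            domain = line.split(None, 2)[2]
        elif line == "#":  # assumed section separator: leaves the PKI domain
            domain = None
        elif domain and line.startswith("public-key rsa "):
            for role, name, length in KEY_RE.findall(line):
                bits = int(length) if length else DEFAULT_BITS
                if bits < min_bits:
                    findings.append((domain, role, name, bits, bool(length)))
    return findings


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
#
pki domain aaa
 public-key rsa general name abc
#
pki domain bbb
 public-key rsa encryption name enc-key length 2048 signature name sig-key length 1024
#
pki domain ccc
 public-key ecdsa name ec-key secp384r1
#
"""

if __name__ == "__main__":
    for dom, role, name, bits, explicit in audit_rsa_keys(SAMPLE):
        source = "configured" if explicit else "default"
        print(f"pki domain {dom}: {role} key pair {name} is {bits} bits ({source})")
```

The check reads only the configured length; it does not inspect key pairs that already exist on the device.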