certificate request mode

Syntax

certificate request mode { auto [ key-length key-length | password { cipher | simple } password ] * | manual }

undo certificate request mode

View

PKI domain view

Default level

2: System level

Parameters

auto: Requests certificates in auto mode.

key-length: Specifies the RSA key length in bits. In non-FIPS mode, the value range is 512 to 2048, and the default is 1024. In FIPS mode, the value must be 2048.

cipher: Sets a ciphertext password for certificate revocation.

simple: Sets a plaintext password for certificate revocation.

password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 31 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.

manual: Requests certificates in manual mode.

Description

Use certificate request mode to set the certificate request mode.

Use undo certificate request mode to restore the default.

By default, manual mode is used.

In auto mode, an entity automatically requests a certificate from an RA or CA when it has no certificate. However, if the certificate will expire or has expired, the entity does not initiate a re-request automatically. To have a new local certificate, you need to request one manually. In manual mode, all operations associated with certificate request are carried out manually. The plaintext password or ciphertext password is saved in cipher text in the configuration file.

Related commands: pki request-certificate.

Examples

# Specify to request a certificate in auto mode.

<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] certificate request mode auto