certificate request mode
Syntax
certificate request mode { auto [ key-length key-length | password { cipher | simple } password ] * | manual }
undo certificate request mode
View
PKI domain view
Default level
2: System level
Parameters
auto: Requests certificates in auto mode.
key-length: Specifies the RSA key length in bits. In non-FIPS mode, the value range is 512 to 2048, and the default is 1024. In FIPS mode, the value must be 2048.
cipher: Sets a ciphertext password for certificate revocation.
simple: Sets a plaintext password for certificate revocation.
password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 31 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
manual: Requests certificates in manual mode.
Description
Use certificate request mode to set the certificate request mode.
Use undo certificate request mode to restore the default.
By default, manual mode is used.
In auto mode, an entity automatically requests a certificate from an RA or CA when it has no certificate. However, if the certificate will expire or has expired, the entity does not initiate a re-request automatically. To have a new local certificate, you need to request one manually. In manual mode, all operations associated with certificate request are carried out manually. The plaintext password or ciphertext password is saved in cipher text in the configuration file.
Related commands: pki request-certificate.
Examples
# Specify to request a certificate in auto mode.
<Sysname> system-view [Sysname] pki domain 1 [Sysname-pki-domain-1] certificate request mode auto