Destroying the local RSA key pair
A certificate has a lifetime, which is determined by the CA. You can destroy the old RSA key pair and then create a new one to request a new certificate when any of the following conditions occurs:
The private key of the old RSA key pair is compromised.
The certificate is about to expire.
To destroy the local RSA key pair:
Step | Command |
---|---|
1. Enter system view. | system-view |
2. Destroy a local RSA key pair. | public-key local destroy rsa |
For more information about the public-key local destroy command, see Security Command Reference.