Specifying the key pair for certificate request

You can specify a nonexistent key pair for certificate request. The PKI entity automatically creates the key pair before submitting a certificate request.

1. Enter system view.

   system-view

2. Enter PKI domain view.

   pki domain domain-name

3. Specify the key pair for certificate request.

   • Specify an RSA key pair.

     public-key rsa { { encryption name encryption-key-name [ length key-length ] | signature name signature-key-name [ length key-length ] } * | general name key-name [ length key-length ] }

   • Specify an ECDSA key pair.

     In non-FIPS mode:

     public-key ecdsa name key-name [ secp192r1 | secp256r1 | secp384r1 | secp521r1 ]

     In FIPS mode:

     public-key ecdsa name key-name [ secp256r1 | secp384r1 | secp521r1 ]

   • Specify a DSA key pair.

     public-key dsa name key-name [ length key-length ]

   By default, no key pair is specified.