enrollment-request signature message-digest-method

Function

The enrollment-request signature message-digest-method command sets the message digest method used to sign the enrollment request.

The undo enrollment-request signature message-digest-method command restores the default message digest method.

By default, the message digest method used to sign the enrollment request is sha-256.

Format

enrollment-request signature message-digest-method { md5 | sha1 | sha-256 | sha-384 | sha-512 | sm3 }

undo enrollment-request signature message-digest-method

Parameters

| Parameter | Description | Value |
|---|---|---|
| md5 | Sets the digest method used to sign the certificate enrollment request packet to MD5. This parameter is supported only when an RSA key pair is used to apply for a certificate. | - |
| sha1 | Sets the digest method used to sign the certificate enrollment request packet to SHA1. This parameter is supported only when an RSA key pair is used to apply for a certificate. | - |
| sha-256 | Sets the digest method used to sign the certificate enrollment request packet to SHA2-256. This parameter is supported only when an RSA key pair is used to apply for a certificate. | - |
| sha-384 | Sets the digest method used to sign the certificate enrollment request packet to SHA2-384. This parameter is supported only when an RSA key pair is used to apply for a certificate. | - |
| sha-512 | Sets the digest method used to sign the certificate enrollment request packet to SHA2-512. This parameter is supported only when an RSA key pair is used to apply for a certificate. | - |
| sm3 | Sets the digest method used to sign the certificate enrollment request packet to SM3. This parameter is supported only when an SM2 key pair is used to apply for a certificate. | - |

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

In SCEP local certificate application mode, after a CA server receives a certificate enrollment request from a PKI entity, the CA server requests a signature for authentication, and generates a local certificate only after the authentication is successful.

MD5 and SHA1 are less secure than the other algorithms, so one of the other algorithms is recommended.

Example

# Set the message digest method used to sign the enrollment request to sha-384.

<sysname> system-view
[sysname] pki realm e
[sysname-pki-realm-e] enrollment-request signature message-digest-method sha-384
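
To check saved configurations against the recommendation in the usage guidelines, the following added example (not Huawei code) reports the effective digest method for each PKI realm and flags md5 and sha1. The configuration layout (realm header at column 0, indented sub-commands, "#" between sections), the sample text, and the function name audit_realms are assumptions made for this example.

```python
import re

CMD = "enrollment-request signature message-digest-method"
ALLOWED = {"md5", "sha1", "sha-256", "sha-384", "sha-512", "sm3"}
WEAK = {"md5", "sha1"}      # discouraged by the usage guidelines
DEFAULT = "sha-256"         # default stated in this command reference

# Constructed sample configuration; the layout is an assumption.
SAMPLE_CONFIG = """\
#
pki realm e
 enrollment-request signature message-digest-method sha-384
#
pki realm legacy
 enrollment-request signature message-digest-method md5
#
pki realm branch
#
interface GigabitEthernet0/0/1
#
"""


def audit_realms(config_text):
    """Return {realm: (digest, status)}; status is ok, weak or invalid."""
    realms, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"pki realm (\S+)\s*$", line)
        if header:
            current = header.group(1)
            realms[current] = DEFAULT      # applies when the command is absent
        elif not line.startswith(" "):
            current = None                 # "#" or another section ends the realm
        elif current and line.strip().startswith(CMD):
            realms[current] = line.strip()[len(CMD):].strip().lower()
    report = {}
    for name, digest in realms.items():
        if digest not in ALLOWED:
            status = "invalid"             # not one of the documented keywords
        else:
            status = "weak" if digest in WEAK else "ok"
        report[name] = (digest, status)
    return report


if __name__ == "__main__":
    for name, (digest, status) in audit_realms(SAMPLE_CONFIG).items():
        print(f"{name:10} {digest:8} {status}")
```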

Copyright © Huawei Technologies Co., Ltd.