
Destroying an asymmetric key pair, Configuring a peer public key – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Step 2. Display the local RSA host public key on the screen in a specific format, or export it to a specific file.
  Command: public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]
  Remarks: Required

Destroying an asymmetric key pair

You may need to destroy an asymmetric key pair and generate a new pair when an intrusion event has occurred, the storage media of the device is replaced, the asymmetric key has been used for a long time, or the certificate from the Certificate Authority (CA) expires. To check the certificate status, use the display pki certificate command. For more information about the CA and certificate, see "Configuring PKI."

To destroy an asymmetric key pair:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Destroy an asymmetric key pair.
  Command: public-key local destroy rsa
  Remarks: Required

Configuring a peer public key

To enable your local device to authenticate a peer device, configure the peer RSA public key on the local device. The following methods are available:

- Import it from a public key file: Obtain a copy of the peer public key file through FTP or TFTP (in binary mode) first, and then import the public key from the file. During the import process, the system automatically converts the public key to a string in PKCS (Public Key Cryptography Standards) format. H3C recommends that you follow this method to configure the peer public key.

- Configure it manually: If the peer device is an H3C device, you can use the display public-key local public command to view and record its public key. On the local device, input or copy the key data in public key code view. A public key displayed by other methods may not be in the PKCS format, and the system cannot save a key that does not comply with the format.

NOTE:

The device supports up to 20 peer public keys.

To import a peer host public key from the public key file:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Import the peer host public key from the public key file.
  Command: public-key peer keyname import sshkey filename
  Remarks: Required
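FTP and TFTP do not protect the key file in transit, so compare its fingerprint with a value obtained from the peer's administrator over a separate channel before importing it. The Python script below is an added example, not part of the H3C manual; it assumes the file was exported with the openssh option and holds a standard one-line "ssh-rsa <base64> [comment]" entry, and the function names and the 2048-bit minimum are assumptions.

```python
import base64, hashlib, struct

def _read_string(blob, off):
    """Read one length-prefixed field (RFC 4253 'string' / 'mpint')."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[off + 4:end], end

def inspect_openssh_rsa(line):
    """Return (sha256_fingerprint, modulus_bits, exponent) for an ssh-rsa line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an OpenSSH ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    alg, off = _read_string(blob, 0)
    e_raw, off = _read_string(blob, off)
    n_raw, off = _read_string(blob, off)
    if alg != b"ssh-rsa" or off != len(blob):
        raise ValueError("malformed key blob")
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    n = int.from_bytes(n_raw, "big")
    return fp, n.bit_length(), int.from_bytes(e_raw, "big")

def safe_to_import(line, expected_fp, min_bits=2048):
    """True only if the fingerprint matches the out-of-band value and the
    modulus meets the assumed minimum size (min_bits is a local policy choice)."""
    fp, bits, _ = inspect_openssh_rsa(line)
    return fp == expected_fp and bits >= min_bits

def make_sample_line(n, e=65537):
    """Build a CONSTRUCTED key line for demonstration (not a usable key)."""
    def mpint(x):
        raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # keeps the sign bit clear
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    sample = make_sample_line((1 << 2047) | 1)  # constructed input, not a real key
    fp, bits, e = inspect_openssh_rsa(sample)
    print(fp, bits, e, safe_to_import(sample, fp))
```

The fingerprint is computed the same way OpenSSH computes its SHA256 fingerprint (unpadded base64 of the SHA-256 of the decoded key blob), so it can be compared with a value the peer's administrator reads out from their own copy.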

To configure a peer public key manually: