Since AR router could not enroll the certificate automatically from CA server, we can use out-band mode to import the certificates.
a.Download the AR local certificate from CA server and upload to AR router
b. Get CA certificate automatically from CA server using below command
[HQ1]pki get-certificate ca XXX
Info: CA certificate is existed.
The old CA certificate will be covered with the new one. Are you sure[Y/N]: y
Get CA certificate will take a few moment,please waiting........
The trusted CA's fingerprint is:
MD5 fingerprint: 113525d8 96d35936 c38235ea 2cee80eb
SHA1 fingerprint: 6330974f b2fe3c52 d16bdac4 0140918b 4bcd3ec7
Is the fingerprint correct? [Y/N]: y
Get CA certificate successful.
c. Then import these certificates locally.
[HQ1]pki import-certificate local XXX der
[HQ1]pki import-certificate ca XXX der
After that, using below command to verify certificate on AR router.
<Huawei> display pki certificate ca XXX
<Huawei> display pki certificate local XXX
RnD will release new version to support customer scenarios.