No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Downloading a Local Certificate

(Optional) Downloading a Local Certificate


The device has applied for the local certificate in offline mode, and the local certificate has been enrolled on the CA successfully.


If the device applies for the local certificate through SCEP, it automatically downloads the local certificate. The local certificate needs to be downloaded only when the local certificate is applied for in offline mode.

The device often obtains the local certificate using the following methods depending on the service types provided by the CA server:
  • Download the local certificate from the web server to the device storage through HTTP.

  • Obtain the local certificate in an outbound way (web, disk, or email) and then upload it to the device storage.


  • Download the local certificate through HTTP.
    1. Run system-view

      The system view is displayed.

    2. Run pki http [ esc ] url-address save-name

      The device is configured to download the local certificate through HTTP.

      url-address must include a complete certificate file name and file name extension, for example, If url-address specifies a domain name, ensure that the domain name can be resolved.

  • Download the local certificate in an outbound way (web, disk, or email).

    After you obtain the local certificate in an outbound way (web, disk, or email), manually upload it to the device storage. You can also download the local certificate through the administrator's PC and then upload it to the device storage through FTP or SFTP, or web system.

Verifying the Configuration

  • Run the display pki credential-storage-path command to check the default path where a PKI certificate is stored.

  • Run the dir (user view) command to check the local certificate file in a storage device.

Updated: 2019-04-01

Document ID: EDOC1000178319

Views: 146292

Downloads: 79

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next