No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
pki export-certificate

pki export-certificate

Function

The pki export-certificate command exports a certificate to the device storage.

Format

pki export-certificate { ca | local | ocsp } realm realm-name { der | pem | pkcs12 } [ filename filename ]

pki export-certificate local realm realm-name { pem | pkcs12 } filename filename password password

Parameters

Parameter

Description

Value

ca

Exports a CA certificate.

-

local

Exports a local certificate.

-

ocsp

Exports the Online Certificate Status Protocol (OCSP) certificate.

-

realm realm-name

Specifies the PKI realm name of a certificate.

The PKI realm name must already exist.

der

Exports a certificate in DER format.

-

pem

Exports a certificate in PEM format.

-

pkcs12

Exports a certificate in P12 format.

-

filename filename

Specifies the name of an exported certificate file.

The value is a string of 1 to 64 case-sensitive characters without spaces and question marks (?). When the value contains a directory, it is a string of 1 to 127 characters, for example, flash:/8ab3/ab3.pem.

password password

Specifies the password of an exported certificate file.

The value is a string of 6 to 32 case-sensitive characters without question marks (?).

To enhance security, a password must meet the minimum strength requirements, that is, the password needs to contain at least three types of the following characters: letters, numerals, and special characters, such as exclamation points (!), at signs (@), number signs (#), dollar signs ($), and percent (%).

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To copy a certificate to another device, run the pki export-certificate command to export a certificate to the flash of the local device first, and then transfer the certificate to another device using a file transfer protocol.

Before using this command, run the display pki certificate command to view information about certificates on the device.

Prerequisites

A PKI realm has been created using the pki realm (system view) command.

Precautions

When the exported certificate file does not contain a private key, the device does not encrypt this file.

When you export the private key, the system asks you to enter the private key file name. If the private key file name and the certificate file name are the same, the private key and certificate are stored in the same file. If they are different, they are stored in different files.

When you export the private key, the system asks you to enter the private key file format and set the password. The password will be used when you run the pki import-certificate command to import this private key.

Using a simple password may introduce security risks. The password must consist of at least two types of the following: uppercase letters, lowercase letters, numerals, and special characters.

After the enrollment self-signed command is used in the PKI realm, you cannot use the pki export-certificate command to export certificates to files.

Example

# Export the local certificate in the PKI realm abc.

<Huawei> system-view
[Huawei] pki realm abc
[Huawei-pki-realm-abc] quit
[Huawei] pki export-certificate local realm abc pem
 Please enter the name of certificate file <length 1-127>: aa  
 If you only export the certificate, do not export the private key.   
 You can directly enter empty of private key file.
 Please enter the name of private key file <length 1-127>:     
 Info: Succeeded in exporting the certificate.
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 207917

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next