No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
pki import-certificate

pki import-certificate

Function

The pki import-certificate command imports a certificate to the device memory.

Format

pki import-certificate { ca | local } realm realm-name { der | pkcs12 | pem } [ filename filename ] [ replace ] [ no-check-validate ] [ no-check-hash-alg ]

pki import-certificate { ca | local } realm realm-name pkcs12 filename filename [ replace ] [ no-check-validate ] [ no-check-hash-alg ] password password

pki import-certificate ocsp realm realm-name { der | pkcs12 | pem } [ filename filename ]

pki import-certificate ocsp realm realm-name pkcs12 filename filename password password

Parameters

Parameter

Description

Value

ca

Imports a CA certificate.

For example, when the device works as an SSL proxy, import the SSL proxy CA certificate and use the private key in the certificate to sign the SSL client certificate again.

-

local

Imports a local certificate.

-

realm realm-name

Specifies the PKI realm name of the imported certificate.

The PKI realm name must already exist.

NOTE:

The domain name cannot contain spaces. Otherwise, the certificate cannot be imported.

der

Imports a certificate in DER format.

-

pkcs12

Imports a certificate in PKCS12 format.

-

pem

Imports a certificate in PEM format.

-

filename filename Specifies the name of the imported certificate. The file name must already exist.
replace

Deletes the original certificate and RSA key pair and imports the new certificate when there are repeated certificates in the domain.

NOTE:

If the RSA key pair of the original certificate is not referenced by other domains, the certificate and key pair are deleted. If the RSA key pair of the original certificate is referenced by other domains, only the original certificate is deleted but the key pair is not deleted.

-

no-check-validate

Specifies whether the validity check is performed on the imported certificate.

-

no-check-hash-alg

Specifies whether a check is performed on the hash algorithm used for the signature of the imported certificate.

-

ocsp

Imports the Online Certificate Status Protocol (OCSP) server's certificate.

-

password password Specifies the decryption password of the certificate, and the password is the same as the password set by the pki export-certificate command. The value must be the name of an existing decryption password of the certificate.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After a certificate is saved to the storage, run this command to import the certificate to the memory for it to take effect.

Multiple certificates can be imported on the device, including the CA certificate, local certificate, and private key.

If you do not know the format of the certificate you want to import, configure each format in turn and check whether the certificate is successfully imported.

Prerequisites

The PKI realm has been created using the pki realm (system view) command, and the certificate file already exists on the storage device.

Precautions

If a certificate file contains a key pair file, the pki import-certificate command imports only the certificate file, but not the key pair file. To import the key pair file, run the pki import rsa-key-pair command after the pki import-certificate command, or run the pki import rsa-key-pair command to import the certificate and key pair files simultaneously.

It is not recommended that multiple local certificates be imported into the same PKI realm. Otherwise, certificate-related services may use the certificates that do not match the services, causing services to become unavailable.

When a certificate in pkcs12 format is imported, the PKI system deletes the file name extension of the original certificate file, adds _localx.cer to generate a new file name, and saves it to the storage component. Therefore, the name of the certificate file to be imported should be less than 50 characters, so the total certificate file name does not exceed 64 characters, and the certificate file cannot be imported to the storage component.

Example

# Import a local certificate to PKI realm abc in file transfer mode.
<Huawei> system-view
[Huawei] pki realm abc 
[Huawei-pki-realm-abc] quit
[Huawei] pki import-certificate local realm abc pem filename local.cer
 Info: Succeeded in importing the certificate.
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 204512

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next