No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fit AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
pki import-certificate

pki import-certificate

Function

The pki import-certificate command imports a certificate to the device memory.

Format

pki import-certificate { ca | local } realm realm-name { der | pkcs12 | pem } [ filename filename ] [ replace ] [ no-check-validate ] [ no-check-hash-alg ]

Parameters

Parameter

Description

Value

ca

Imports a CA certificate.

For example, when the device works as an SSL proxy, import the SSL proxy CA certificate and use the private key in the certificate to sign the SSL client certificate again.

-

local

Imports a local certificate.

-

realm realm-name

Specifies the PKI realm name of the imported certificate.

The value can be set only to default.

der

Imports a certificate in DER format.

-

pkcs12

Imports a certificate in PKCS12 format.

-

pem

Imports a certificate in PEM format.

-

filename filename Specifies the name of the imported certificate. The file name must already exist.
replace

Deletes the original certificate and RSA key pair and imports the new certificate when there are repeated certificates in the domain.

NOTE:

If the RSA key pair of the original certificate is not referenced by other domains, the certificate and key pair are deleted. If the RSA key pair of the original certificate is referenced by other domains, only the original certificate is deleted but the key pair is not deleted.

-

no-check-validate

Specifies whether the validity check is performed on the imported certificate.

-

no-check-hash-alg

Specifies whether a check is performed on the hash algorithm used for the signature of the imported certificate.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After a certificate is saved to the storage, run this command to import the certificate to the memory for it to take effect.

Multiple certificates can be imported on the device, including the CA certificate, local certificate, and private key.

NOTE:

If you do not know the format of the certificate you want to import, configure each format in turn and check whether the certificate is successfully imported.

Precautions

If a certificate file contains a key pair file, the pki import-certificate command imports only the certificate file, but not the key pair file. To import the key pair file, run the pki import rsa-key-pair command after the pki import-certificate command, or run the pki import rsa-key-pair command to import the certificate and key pair files simultaneously.

It is not recommended that multiple local certificates be imported into the same PKI realm. Otherwise, certificate-related services may use the certificates that do not match the services, causing services to become unavailable.

When a certificate in pkcs12 format is imported, the PKI system deletes the file name extension of the original certificate file, adds _localx.cer to generate a new file name, and saves it to the storage component. Therefore, the name of the certificate file to be imported should be less than 50 characters, so the total certificate file name does not exceed 64 characters, and the certificate file cannot be imported to the storage component.

Example

# Import a local certificate to PKI realm default in file transfer mode.
<Huawei> system-view
[Huawei] pki import-certificate local realm default pem filename local.cer
 Info: Succeeded in importing the certificate.
Translation
Download
Updated: 2019-07-18

Document ID: EDOC1100064353

Views: 152915

Downloads: 125

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next