R3303-HP HSR6800 Routers Security Command Reference
259
pki import-certificate
Use pki import-certificate to import a CA certificate or local certificate from a file and save it locally.
Syntax
pki import-certificate { ca | local } domain domain-name { der | p12 | pem } [ filename filename ]
Views
System view
Default command level
2: System level
Parameters
ca: Specifies the CA certificate.
local: Specifies the local certificate.
domain-name: Specifies a PKI domain by its name, a string of 1 to 15 characters.
der: Specifies the certificate format of DER.
p12: Specifies the certificate format of P12.
pem: Specifies the certificate format of PEM.
filename filename: Specifies the name of the certificate file to import, a case-insensitive string of 1 to 127
characters. If no file is specified, the system uses the default file name that is used when the certificate is
obtained, that is domain-name_ca.cer, domain-name_local.cer, or
domain-name_peerentity_entity-name.cer.
Usage guidelines
In FIPS mode, MD5 certificates cannot be imported.
Examples
# Import the CA certificate for PKI domain cer in the format of PEM.
<Sysname> system-view
[Sysname] pki import-certificate ca domain cer pem
Related commands
pki domain
pki request-certificate domain
Use pki request-certificate domain to request a local certificate from a CA through SCEP. If SCEP fails,
you can use the pkcs10 keyword to print the request information in BASE64 format, or use the pkcs10
filename filename option to save the request information to a local file and send the file to the CA by an
out-of-band means.
Syntax
pki request-certificate domain domain-name [ password ] [ pkcs10 [ filename filename ] ]
Default
The obtained certificate is stored in the root directory with the filename domain-name_ca.cer,
domain-name_local.cer, or domain-name_peerentity_entity-name.cer.