F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Command Reference-6PW100
146
Syntax
pki import-certificate { ca | local } domain domain-name { der | p12 | pem } [ filename filename ]
Views
System view
Default command level
2: System level
Parameters
ca: Specifies the CA certificate.
local: Specifies the local certificate.
domain-name: Name of the PKI domain, a string of 1 to 15 characters.
der: Specifies the certificate format of DER.
p12: Specifies the certificate format of P12.
pem: Specifies the certificate format of PEM.
filename filename: Specifies the name of the certificate file to import, a case-insensitive string of 1 to 127
characters. If no file is specified, the system uses the default file name that is used when the certificate is
retrieved, that is domain-name_ca.cer, domain-name_local.cer, or
domain-name_peerentity_entity-name.cer.
Usage guidelines
In FIPS mode, you cannot import an MD5 certificate.
Examples
# Import the CA certificate for PKI domain cer in the format of PEM.
<Sysname> system-view
[Sysname] pki import-certificate ca domain cer pem
Related commands
pki domain
pki request-certificate domain
Use pki request-certificate domain to request a local certificate from a CA through SCEP. If SCEP fails,
you can use the pkcs10 keyword to print the request information in BASE64 format, or use the pkcs10
filename filename option to save the request information to a local file and send the file to the CA by an
out-of-band means.
Syntax
pki request-certificate domain domain-name [ password ] [ pkcs10 [ filename filename ] ]
Default
The retrieved certificate is stored in the root directory with the filename domain-name_ca.cer,
domain-name_local.cer, or domain-name_peerentity_entity-name.cer.
Views
System view