F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
276
Figure 182 RSA key pair destruction page
252BRetrieving and displaying a certificate
You can retrieve an existing CA certificate or local certificate from the CA server and save it locally. To
do so, you can use offline mode or online mode.
In offline mode, you must retrieve a certificate by an out-of-band means like FTP, disk, email and then
import it to the device. By default, the retrieved certificate is saved in a file under the root directory of the
device, and the file name is domain-name_ca.cer for the CA certificate, or domain-name_local.cer for
the local certificate.
To retrieve a certificate:
1. From the navigation tree, select VPN > Certificate Management > Certificate.
2. Click Retrieve Cert.
Figure 183 PKI certificate retrieval page
3. Configure the parameters, as described in 898HTable 29.
4. Click Apply.
Table 29 Configuration items
Item Descri
p
tion
Domain Name
Select the PKI domain for the certificate.
Certificate Type
Select the type of the certificate to be retrieved, which can be CA or local.
Enable Offline
Mode
Select this box to retrieve a certificate in offline mode (that is, by an out-of-band means
like FTP, disk, or email) and then import the certificate into the local PKI system.
Get File From
Device
Specify the path and name of the certificate file to import:
• If the certificate file is saved on the device, select Get File From Device and then specify
the path and name of the file on the device. If no file is specified, the system, by
default, gets the file domain-name_ca.cer (for the CA certificate) or
domain-name_local.cer (for the local certificate) under the root directory of the device.
• If the certificate file is saved on a local PC, select Get File From PC and. then specify
the path and name of the file and specify the partition that saves the file..
Get File From PC