R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
141
Examples
# Create a PKI entity named en and enter its view.
<Sysname> system-view
[Sysname] pki entity en
[Sysname-pki-entity-en]
pki import-certificate
Syntax
pki import-certificate { ca | local } domain domain-name { der | p12 | pem } [ filename filename ]
View
System view
Default level
2: System level
Parameters
ca: Specifies the CA certificate.
local: Specifies the local certificate.
domain-name: Name of the PKI domain, a string of 1 to 15 characters.
der: Specifies the certificate format of DER.
p12: Specifies the certificate format of P12.
pem: Specifies the certificate format of PEM.
filename filename: Specifies the name of the certificate file, a case-insensitive string of 1 to 127
characters. It defaults to domain-name_ca.cer, domain-name_local.cer, or
domain-name_peerentity_entity-name.cer, the name for the file to be created to save the imported
certificate.
Description
Use pki import-certificate to import a CA certificate or local certificate from a file and save it locally.
In FIPS mode, the algorithm in the certificate must be supported by FIPS mode. Otherwise, the certificate
cannot be imported.
The following matrix shows the feature and firewall compatibility:
Feature F1000-A-EI/S-EI
F1000-E
F5000 Firewall module
FIPS No No No Yes
Related commands: pki domain.
Examples
# Import the CA certificate for PKI domain cer in the format of PEM.
<Sysname> system-view
[Sysname] pki import-certificate ca domain cer pem