488
Related commands
pki domain
pki import
Use pki import to import the CA certificate, local certificates, or peer certificates for a PKI domain.
Syntax
pki import domain domain-name { der { ca | local | peer } filename filename | p12 local filename
filename | pem { ca | local | peer } [ filename filename ] }
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.
The domain name cannot contain the special characters listed in Table 71.
Table 71 Special characters
Tilde ~ Dot .
Asterisk * Left angle bracket <
Backslash \ Right angle bracket >
Vertical bar | Quotation marks "
Colon : Apostrophe '
der: Specifies the DER certificate file format, including PKCS#7.
p12: Specifies the PKCS#12 certificate file format.
pem: Specifies the PEM certificate file format.
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer: Specifies the peer certificates.
filename filename: Specifies a certificate file name, a case-insensitive string. For a certificate in
PEM format, you can also choose to copy and paste the certificate contents on the terminal instead
of importing from a file.
Usage guidelines
Use this command to import a certificate in the following situations:
• The CRL repository is not specified or the CA server does not support SCEP.
• The certificate is packed with the server generated key pair in a single file. Only certificate files
in PKCS12 or PEM format can contain key pairs.
Before you import certificates, complete the following tasks:
• Use FTP or TFTP to upload the certificate files to the storage media of the device. If FTP or
TFTP is not available, display and copy the contents of a certificate to a file on the device. Make
sure the certificate is in PEM format because only certificates in PEM format can be imported by
this means.