• If the key pair of the local certificate is for general use (RSA general, ECDSA, or DSA), the local file
name is filename.
If the PKI domain has two local certificates, one of the following results occurs:
• If you specify a file name, the local certificates are exported to two different files.
• If you do not specify a file name, the local certificates are displayed on the terminal, separated by
the system prompts.
When you export all certificates, if the PKI domain has only the CA certificate or the local certificates, the
result is the same as when you export the local certificates or the CA certificate separately. If the PKI
domain has both the CA certificate and the local certificates, you get the following results:
• If you specify a file name, each local certificate with its proper CA certificate chain is exported to
a separate file.
• If you do not specify a file name, all local certificates and the CA certificate or the CA certificate
chain are displayed on the terminal, separated by the system prompts.
When you export all certificates in PKCS12 format, the PKI domain must have a local certificate.
Otherwise, the export operation fails.
When you export the local certificates or all certificates in PEM format, if you do not specify the
cryptographic algorithm and the challenge password for the private key, this command does not export
the private keys of the local certificates. If you specify the cryptographic algorithm and the password,
and the local certificates have their private keys, this command can export the local certificates with their
private keys. If the local certificates do not have their private keys, the export operation fails.
When you export the local certificates, if the key pair in the PKI domain is changed and becomes
different from the public key in the local certificates, the export operation fails.
When you export the local certificates or all certificates, if the PKI domain has two local certificates, the
failure of exporting one local certificate does not affect the export operation of the other.
The specified file name can contain an absolute path. If the specified path does not exist, the export
operation fails.
Examples
# Export the CA certificate in the PKI domain to a file named cert-ca.der in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der ca filename cert-ca.der
# Export the local certificates in the PKI domain to a file named cert-lo.der in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der local filename cert-lo.der
# Export all certificates in the PKI domain to a file named cert-all.p7b in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der all filename cert-all.p7b
# Export the CA certificate in the PKI domain to a file named cacert in PEM format.
<Sysname> system-view
[Sysname] pki export domain domain1 pem ca filename cacert
202
To Next Page
Loading...
