227
Ste
Command
Remarks
5. Obtain the CA certificate.
See "Obtaining certificates." N/A
6. Verify the validity of the
certificates.
pki validate-certificate domain
domain-name { ca | local }
This command is not saved in the
configuration file.
Specifying the storage path for the certificates and
CRLs
CAUTION:
If you chan
e the stora
e path, save the confi
uration before you reboot or shut down the device to avoid
loss of the certificates or the CRLs.
The device has a default storage path for certificates and CRLs. You can change the storage path and
specify different paths for the certificates and CRLs.
After you change the storage path for certificates or CRLs, the certificate files (with the .cer or .p12
extension) and CRL files (with the .crl extension) in the original path are moved to the new path.
To specify the storage path for the certificates and CRLs:
Task Command
Remarks
Specify the storage path for
certificates and CRLs.
pki storage { certificates |
crls } dir-path
By default, the device stores certificates and
CRLs in the PKI directory on the storage media
of the device.
Exporting certificates
IMPORTANT:
To export all certificates in the PKCS12 format, the PKI domain must have a minimum of one local
certificate. Otherwise, the certificates in the PKI domain cannot be exported.
You can export the CA certificate and the local certificates in a PKI domain to certificate files. The
exported certificate files can then be imported back to the device or other PKI applications.
When you export a local certificate with the RSA key pair, the name of the target file might not be the
same as specified in the command. It depends on the purpose of the key pair of the certificate.
To export certificates:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
To Next Page
Loading...
Need help?
General