Step: 2. Export certificates.
Command:
• Export certificates in DER format:
  pki export domain domain-name der { all | ca | local } filename filename
• Export certificates in PKCS12 format:
  pki export domain domain-name p12 { all | local } passphrase p12passwordstring filename filename
• Export certificates in PEM format:
  pki export domain domain-name pem { { all | local } [ { 3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc } pempasswordstring ] | ca } [ filename filename ]
Remarks: If you do not specify a file name when you export a certificate in PEM format, the certificate is displayed on the terminal.
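The following Python check is an added example, not part of the original guide. It audits a PEM file produced by pki export, reporting whether any private key in it is password-protected and rating the cipher. It assumes the export uses OpenSSL-style PEM blocks with Proc-Type/DEK-Info headers and OpenSSL cipher names for the CLI keywords; audit_pem, RATING and the sample input are hypothetical names and constructed data.

```python
import re

# Constructed sample, not device output. Assumption: the export uses OpenSSL-style
# PEM blocks, with Proc-Type/DEK-Info headers on a password-protected key.
SAMPLE = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,0011223344556677

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

# Assumed OpenSSL names for the CLI keywords des-cbc, 3des-cbc and aes-*-cbc.
RATING = {"DES-CBC": "weak", "DES-EDE3-CBC": "legacy", "AES-128-CBC": "ok",
          "AES-192-CBC": "ok", "AES-256-CBC": "ok"}
BLOCK_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def audit_pem(text):
    """Return (block label, verdict) for every PEM block found in text."""
    findings = []
    for label, body in BLOCK_RE.findall(text):
        if "PRIVATE KEY" not in label:
            verdict = "not-a-key"
        elif label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the cipher sits inside the ASN.1 body, not in a header.
            verdict = "encrypted-pkcs8"
        else:
            enc = re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.M)
            dek = re.search(r"^DEK-Info:\s*([A-Za-z0-9-]+),", body, re.M)
            if enc and dek:
                cipher = dek.group(1).upper()
                verdict = RATING.get(cipher, "unknown") + ":" + cipher
            else:
                verdict = "PLAINTEXT-KEY"
        findings.append((label, verdict))
    return findings


if __name__ == "__main__":
    for label, verdict in audit_pem(SAMPLE):
        print(f"{label}: {verdict}")
```

A PLAINTEXT-KEY or weak verdict means the exported file should be re-exported with one of the aes-*-cbc options before it is stored or transferred.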
Removing a certificate
You can remove the CA certificate, local certificate, or peer certificates in a PKI domain. After you
remove the CA certificate, the system automatically removes the local certificates, peer certificates, and
CRLs in the domain.
You can remove a local certificate and request a new one when the local certificate is about to expire or
the certificate's private key is compromised. To remove a local certificate and request a new certificate,
perform the following tasks:
1. Remove the local certificate.
2. Use the public-key local destroy command to destroy the existing local key pair.
3. Use the public-key local create command to generate a new key pair.
4. Request a new certificate.
To remove a certificate:
Step: 1. Enter system view.
Command: system-view
Remarks: N/A

Step: 2. Remove a certificate.
Command: pki delete-certificate domain domain-name { ca | local | peer [ serial serial-num ] }
Remarks: If you use the peer keyword without specifying a serial number, the command removes all peer certificates.
Configuring a certificate-based access control policy
Certificate-based access control policies allow you to authorize access to a device (for example, an
HTTPS server) based on the attributes of an authenticated client's certificate.