274
When you export the local certificates or all certificates in PEM format, if you do not specify the
cryptographic algorithm and the challenge password for the private key, this command does not export
the private keys of the local certificates. If you specify the cryptographic algorithm and the password,
and the local certificates have their private keys, this command can export the local certificates with their
private keys. If the local certificates do not have their private keys, the export operation fails.
When you export the local certificates, if the key pair in the PKI domain is changed and becomes
different from the public key in the local certificates, the export operation fails.
When you export the local certificates or all certificates, if the PKI domain has two local certificates, the
failure of exporting one local certificate does not affect the export operation of the other.
The specified file name can contain an absolute path. If the specified path does not exist, the export
operation fails.
Examples
# Export the CA certificate in the PKI domain to a file named cert-ca.der in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der ca filename cert-ca.der
# Export the local certificates in the PKI domain to a file named cert-lo.der in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der local filename cert-lo.der
# Export all certificates in the PKI domain to a file named cert-all.p7b in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der all filename cert-all.p7b
# Export the CA certificate in the PKI domain to a file named cacert in PEM format.
<Sysname> system-view
[Sysname] pki export domain domain1 pem ca filename cacert
# Export the local certificates and their private keys in the PKI domain to a file named local.pem in PEM
format. For the private keys, the cryptographic algorithm is DES_CBC and the password is 111.
<Sysname> system-view
[Sysname] pki export domain domain1 pem local des-cbc 111 filename local.pem
# Export the all certificates in the PKI domain to a file named all.pem in PEM format. No cryptographic
algorithm or password is specified, and the private keys are not exported.
<Sysname> system-view
[Sysname] pki export domain domain1 pem all filename all.pem
# Display the local certificates and their private keys in the PKI domain on the terminal in PEM format. For
the private keys, the cryptographic algorithm is DES_CBC and the password is 111.
<Sysname> system-view
[Sysname] pki export domain domain1 pem local des-cbc 111
%The signature usage local certificate:
Bag Attributes
friendlyName:
localKeyID: 99 0B C2 3B 8B D1 E4 33 42 2B 31 C3 37 C0 1D DF 0D 79 09 1D
subject=/C=CN/O=OpenCA Labs/OU=Users/CN=chktest chktest
issuer=/C=CN/O=OpenCA Labs/OU=software/CN=abcd
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgILAOhID4rI04kBfYgwDQYJKoZIhvcNAQELBQAwRTELMAkG
To Next Page
Loading...
Need help?
General
