247
Usage guidelines
In FIPS mode, MD5 certificates cannot be imported.
Examples
# Import the CA certificate for PKI domain
cer
in the format of PEM.
<Sysname> system-view
[Sysname] pki import-certificate ca domain cer pem
Related commands
pki domain
pki request-certificate domain
Use
pki request-certificate domain
to request a local certificate from a CA through SCEP. If SCEP
fails, you can use the
pkcs10
keyword to print the request information in BASE64 format, or use the
pkcs10 filename
filename
option to save the request information to a local file and send the file to
the CA by an out-of-band means.
Syntax
pki request-certificate domain
domain-name
[
password
] [
pkcs10
[
filename
filename
]
]
Default
The obtained certificate is stored in the root directory with the filename
domain-name
_ca.cer,
domain-name_local.cer
, or
domain-name
_peerentity_
entity-name
.cer.
Views
System view
Default command level
2: System level
Parameters
domain-name
: Specifies a PKI domain by its name, a string of 1 to 15 characters.
password
: Specifies the password for certificate revocation, a case-sensitive string of 1 to 31
characters.
pkcs10
: Displays the BASE64-encoded PKCS#10 certificate request information, which can be
used to request a certification by an out-of-band means, like phone, disk, or email.
filename
filename
: Specifies the name of the local file for saving the PKCS#10 certificate request, a
case-insensitive string of 1 to 127 characters.
Usage guidelines
This operation will not be saved in the configuration file.
Examples
# Display the PKCS#10 certificate request information.
<Sysname> system-view
[Sysname] pki request-certificate domain 1 pkcs10
-----BEGIN CERTIFICATE REQUEST-----
MIIBTDCBtgIBADANMQswCQYDVQQDEwJqajCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAw5Drj8ofs9THA4ezkDcQPBy8pvH1kumampPsJmx8sGG52NFtbrDTnTT5
ALx3LJijB3d/ndKpcHT/DfbJVDCn5gdw32tBZyCkEwMHZN3ol2z7Nvdu5TED6iN8
4m+hfp1QWoV6lty3o9pxAXuQl8peUDcfN6WV3LBXYyl1WCtkLkECAwEAAaAAMA0G
CSqGSIb3DQEBBAUAA4GBAA8E7BaIdmT6NVCZgv/I/1tqZH3TS4e4H9Qo5NiCKiEw