415
When you export the local certificates or all certificates in PEM format, you must specify the
cryptographic algorithm and the challenge password for the private key. If you do not specify the
cryptographic algorithm and the challenge password, this command does not export the private keys
of the local certificates. If you specify the cryptographic algorithm and the password, and the local
certificates have their private keys, this command can export the local certificates with their private
keys. If the local certificates do not have their private keys, the export operation fails.
When you export the local certificates, if the key pair in the PKI domain is changed and no longer
matches the key in the local certificates, the export operation fails.
When you export the local certificates or all certificates, if the PKI domain has two local certificates,
failure of exporting one local certificate does not affect export of the other.
The specified file name can contain an absolute path. If the specified path does not exist, the export
operation fails.
Examples
# Export the CA certificate in the PKI domain to a file named
cert-ca.der
in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der ca filename cert-ca.der
# Export the local certificates in the PKI domain to a file named
cert-lo.der
in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der local filename cert-lo.der
# Export all certificates in the PKI domain to a file named
cert-all.p7b
in DER format.
<Sysname> system-view
[Sysname] pki export domain domain1 der all filename cert-all.p7b
# Export the CA certificate in the PKI domain to a file named
cacert
in PEM format.
<Sysname> system-view
[Sysname] pki export domain domain1 pem ca filename cacert
# Export the local certificates and their private keys in the PKI domain to a file named
local.pem
in
PEM format. For the private keys, the cryptographic algorithm is DES_CBC and the password is 111.
<Sysname> system-view
[Sysname] pki export domain domain1 pem local des-cbc 111 filename local.pem
# Export the all certificates in the PKI domain to a file named
all.pem
in PEM format. No
cryptographic algorithm or password is specified, and the private keys are not exported.
<Sysname> system-view
[Sysname] pki export domain domain1 pem all filename all.pem
# Display the local certificates and their private keys in the PKI domain on the terminal
in PEM format.
For the private keys, the cryptographic algorithm is DES_CBC and the password is 111.
<Sysname> system-view
[Sysname] pki export domain domain1 pem local des-cbc 111
%The signature usage local certificate:
Bag Attributes
friendlyName:
localKeyID: 99 0B C2 3B 8B D1 E4 33 42 2B 31 C3 37 C0 1D DF 0D 79 09 1D
subject=/C=CN/O=OpenCA Labs/OU=Users/CN=chktest chktest
issuer=/C=CN/O=OpenCA Labs/OU=software/CN=abcd
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgILAOhID4rI04kBfYgwDQYJKoZIhvcNAQELBQAwRTELMAkG
A1UEBhMCQ04xFDASBgNVBAoMC09wZW5DQSBMYWJzMREwDwYDVQQLDAhzb2Z0d2Fy
ZTENMAsGA1UEAwwEYWJjZDAeFw0xMTA0MjYxMzMxMjlaFw0xMjA0MjUxMzMxMjla
Содержание FlexNetwork 7500 Series
Страница 350: ...335 Related commands display port security port security enable ...
Страница 379: ...364 Sysname system view Sysname keychain abc mode absolute Sysname keychain abc tcp kind 252 ...
Страница 519: ...504 Related commands display ssh2 algorithm ssh2 algorithm cipher ssh2 algorithm key exchange ssh2 algorithm mac ...