Downloading a CA Certificate for a PKI Entity

Several methods are available to download a CA certificate, depending on the service types provided by the CA:

Download the CA certificate from the CA server through SCEP into the device storage.
Download the CA certificate from the web server to the device storage through HTTP.
Download the CA certificate from the CMPv2 server through CMPv2 into the device storage.
Obtain the CA certificate in an outbound way (web, disk, or email) and then upload it to the device storage.

If a PKI entity applies for a local certificate through CMPv2, the root certificate of the CA server is downloaded.

Download a CA certificate through SCEP.
For the configuration about downloading CA certificate through SCEP, see Applying for and Updating the Local Certificate for a PKI Entity Through SCEP.
Download a CA certificate through the Hypertext Transfer Protocol (HTTP).
1. Run system-view
  The system view is displayed.
2. Run pki http [ esc ] url-addresssave-name
  A CA certificate is downloaded through HTTP.
  
  url-address must include a complete certificate file name and file name extension, for example, http://10.1.1.1:8080/cert.cer. If url-address specifies a domain name, ensure that the domain name can be resolved.
Download a CA certificate through CMPv2.
For the configuration about downloading CA certificate through CMPv2, see Applying for and Updating the Local Certificate Through CMPv2.
Download a CA certificate in an outbound way.
After you obtain a CA certificate in an outbound way (web, disk, or email), manually upload it to the device storage. You can also download a CA certificate through the administrator's PC and then upload it to the device storage through FTP or SFTP, or web system.