(Optional) Downloading a Local Certificate

Context

If the device applies for the local certificate through SCEP or CMPv2, it automatically downloads the local certificate. The local certificate needs to be downloaded only when the local certificate is applied for in offline mode.

The device often obtains the local certificate using the following methods depending on the service types provided by the CA server:

Download the local certificate from the web server to the device storage through HTTP.
Obtain the local certificate in an outbound way (web, disk, or email) and then upload it to the device storage.

Prerequisites

The device has applied for the local certificate in offline mode, and the local certificate has been enrolled on the CA successfully.

Procedure

Download the local certificate through HTTP.
1. Run system-view
  The system view is displayed.
2. Run pki http [ esc ] url-address save-name
  The device is configured to download the local certificate through HTTP.
  
  url-address must include a complete certificate file name and file name extension, for example, http://10.1.1.1:8080/cert.cer. If url-address specifies a domain name, ensure that the domain name can be resolved.
Download the local certificate in an outbound way (web, disk, or email).
After you obtain the local certificate in an outbound way (web, disk, or email), manually upload it to the device storage. You can also download the local certificate through the administrator's PC and then upload it to the device storage through FTP or SFTP, or web system.

Verifying the Configuration

Run the display pki credential-storage-path command to check the default path where a PKI certificate is stored.
Run the dir (user view) command to check the local certificate file in a storage device.