< Home

Importing Certificates

This section describes how to import certificates using the RPC method.

Table 1 Importing certificates

Operation

XPATH

edit-config: default

/huawei-pki:certificate-operation

Data requirement

Table 2 Importing certificates

Item

Data

Description

Realm name

default

The local certificate file local.pem is imported to the default realm of the root system using the password huawei@1234.

Certificate type

1

Certificate file name

local.pem

Certificate format

PEM

Certificate operation type

0

Password

huawei@1234

Virtual system name

public

Request example

<?xml version='1.0' encoding='UTF-8'?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <pki:certificate-operation xmlns:pki="urn:huawei:params:xml:ns:yang:huawei-pki">
    <pki:files>
     <pki:realm-name>default</pki:realm-name>
     <pki:certificate-type>1</pki:certificate-type>
     <pki:file-name>local.pem</pki:file-name>
     <pki:file-format>pem</pki:file-format>
     <pki:operation-type>0</pki:operation-type>
     <pki:password>huawei@1234</pki:password>
     <pki:vsys-name>public</pki:vsys-name>
    </pki:files>
  </pki:certificate-operation>
</rpc>

Response example

Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <errors>
    <errors xmlns="urn:huawei:params:xml:ns:yang:huawei-pki:certificate-operation">
      <realm-name>default</realm-name>
      <error-tag>0</error-tag>
    <errors>
  <errors>
</rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <errors>
    <errors xmlns="urn:huawei:params:xml:ns:yang:huawei-pki:certificate-operation">
      <realm-name>default</realm-name>
      <error-tag>1</error-tag>
    <errors>
  <errors>
</rpc-reply>

Response error-tag types:

  • 0: Operation succeeded.
  • 1: Operation failed.
  • 2: The parameter is invalid.
  • 3: The realm name is invalid.
  • 4: The shadow certificate does not exist.
  • 5: Failed to replace the certificate.
  • 6: Failed to replace the key pair.
  • 7: The imported file does not exist.
  • 8: Failed to parse the imported file.
  • 9: Unsupported file format.
  • 10: The shadow certificate already exists.
  • 11: Failed to save the shadow certificate.
  • 12: Failed to search for the key pair based on certificate.
  • 13: Failed to save the shadow key pair.
  • 14: Failed to save the certificate file.
  • 15: Failed to import certificate.
  • 16: Failed to save the key pair.
  • 17: Failed to save the certificate and key pair to the specified path.
  • 18: The shadow certificate to be replaced does not exist.
  • 19: The path for storing the certificate is invalid.
  • 20: Unsupported operation.
  • 21: Failed to search for the key pair written into the specified file.
  • 22: Failed to save the certificate to the specified path.
  • 23: The file name is too long.
Parent Topic: PKI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >