pki export-certificate
Format
pki export-certificate { ca | local | ocsp } realm realm-name { pem | pkcs12 }
Only devices in NETCONF mode support the ocsp parameter.
Parameters
Parameter |
Description |
Value |
|---|---|---|
ca |
Exports a CA certificate. |
- |
local |
Exports a local certificate. |
- |
ocsp |
Exports the Online Certificate Status Protocol (OCSP) certificate. |
- |
realm realm-name |
Specifies the PKI realm name of a certificate. |
The PKI realm name must already exist. |
pem |
Exports a certificate in PEM format. |
- |
pkcs12 |
Exports a certificate in P12 format. |
- |
Usage Guidelines
Usage Scenario
To copy a certificate to another device, run the pki export-certificate command to export a certificate to the flash of the local device first, and then transfer the certificate to another device using a file transfer protocol.
Before using this command, run the display pki certificate command to view information about certificates on the device.
Prerequisites
A PKI realm has been created using the pki realm (system view) command.
Precautions
When the exported certificate file does not contain a private key, the device does not encrypt this file.
When you export the private key, the system asks you to enter the private key file name. If the private key file name and the certificate file name are the same, the private key and certificate are stored in the same file. If they are different, they are stored in different files.
When you export the private key, the system asks you to enter the private key file format and set the password. The password will be used when you run the pki import-certificate command to import this private key.
After the enrollment self-signed command is used in the PKI realm, you cannot use the pki export-certificate command to export certificates to files.
Example
# Export the local certificate in the PKI realm abc.
<HUAWEI> system-view [HUAWEI] pki realm abc [HUAWEI-pki-realm-abc] quit [HUAWEI] pki export-certificate local realm abc pem Please enter the name of certificate file <length 1-127>: aa If you only export the certificate, do not export the private key. You can directly enter empty of private key file. Please enter the name of private key file <length 1-127>: Info: Succeeded in exporting the certificate.