< Home

pki import-certificate peer

Function

The pki import-certificate peer command imports a certificate of the remote device to the device memory.

Format

pki import-certificate peer peer-name { der | pem | pkcs12 } filename [ filename ]

pki import-certificate peer peer-name pkcs12 filename filename password password

Parameters

Parameter

Description

Value

peer-name

Specifies the name of a peer certificate.

A certificate cannot be imported to multiple peers.

The value is a string of 1 to 32 case-insensitive characters without spaces. If the character string is enclosed in double quotation marks, it can contain spaces.

der

Imports a certificate of the remote device in DER format.

-

pem

Imports a certificate of the remote device in PEM format.

-

pkcs12

Imports a certificate of the remote device in P12 format.

-

filename filename

Imports a certificate of the remote device in file mode.

 The value is an existing certificate name of the remote device.
password password Specifies the decryption password of the certificate. The password is the same as the password configured using the pki export-certificate command. The value must be the name of an existing decryption password of the certificate.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Where digital envelop authentication is used, configure the public key of the remote device. The public key can be obtained from the public and private key management module or certificate of the remote device.

Prerequisites

The certificate file of the remote device must already exist on the storage device.

Precautions

When a certificate in pkcs12 format is imported, the PKI system deletes the file name extension of the original certificate file, adds _localx.cer to generate a new file name, and saves it to the storage component. Therefore, the name of the certificate file to be imported cannot exceed 50 characters. Otherwise, the total certificate file name will exceed 64 characters, and the certificate file cannot be imported to the storage component.

You can import a peer certificate generated using the RSA encryption algorithm or SM2 key hash algorithm to the device.

Example

# Import the certificate aa.pem of the remote device in the file mode.

<HUAWEI> system-view
[HUAWEI] pki import-certificate peer abcd pem file aa.pem
 Info: Succeeded in importing the peer certificate.
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >