pki import rsa-key-pair
Format
pki import rsa-key-pair key-name [ include-cert realm realm-name ] { pem | pkcs12 } file-name [ exportable ] [ password password ]
pki import rsa-key-pair key-name der file-name [ exportable ]
Parameters
| Parameter | Description | Value |
|---|---|---|
| key-name | Specifies the name of the RSA key pair on the device. | The value is a string of 1 to 64 characters and case-sensitive without spaces or question marks (?). If the character string is enclosed in double quotation marks (" "), the character string can contain spaces. |
| include-cert | Indicates that the certificates in the file will be imported. | - |
| realm realm-name | Specifies the PKI realm name of the imported certificate. | The value must be an existing PKI realm name. |
| pem file-name | Indicates that the RSA key pair to be imported is in the PEM format and specifies the file name to store the RSA key pair. | The value must be an existing certificate file name that stores the RSA key pair and the certificate. |
| pkcs12 file-name | Indicates that the RSA key pair to be imported is in the PKCS12 format and specifies the file name to store the RSA key pair. | The value must be an existing certificate file name that stores the RSA key pair and the certificate. |
| der file-name | Indicates that the RSA key pair to be imported is in the DER format and specifies the file name to store the RSA key pair. | The value must be an existing certificate file name that stores the RSA key pair and the certificate. |
| exportable | Indicates that the imported RSA key pair can be exported. | - |
| password password | Specifies the decryption password of the RSA key pair. The password is the same as the password configured using the pki export rsa-key-pair command. | The value must be the name of an existing decryption password of the RSA key pair. |
Usage Guidelines
Usage Scenario
Run this command to use the RSA key pair generated by other entities. After the configuration, the imported RSA key pair can be referenced by the PKI module for operations such as signing.
Windows Server 2003 has a low processing performance. For the device to connect to a Windows Server 2003, the device cannot have too many entities configured or use a large-sized key pair.
If you do not know the format of the key pair you want to import, configure each format in turn and check whether the key pair is successfully imported.
Prerequisites
The RSA key pair must already exist on the storage device.
Example
# Import the RSA key pair aaa.pem. In the system, the RSA key pair is named key-1, is marked exportable and has the decryption password Test!123456.
<HUAWEI> system-view [HUAWEI] pki import rsa-key-pair key-1 pem aaa.pem exportable password Test!123456 Info: Succeeded in importing the RSA key pair in PEM format.