The trusted-ca load command loads the trusted CA file for the SSL policy for the FTP client.
The undo trusted-ca load command unloads the trusted CA file of the SSL policy.
By default, no trusted CA file is loaded for the SSL policy.
# Load the trusted CA file for the SSL policy in ASN1 format.
trusted-ca load asn1-ca ca-filename
# Load the trusted CA file for the SSL policy in PEM format.
trusted-ca load pem-ca ca-filename
# Load the trusted CA file for the SSL policy in PFX format.
trusted-ca load pfx-ca ca-filename auth-code cipher auth-code
# Unload the trusted CA file for the SSL policy.
undo trusted-ca load { asn1-ca | pem-ca | pfx-ca } ca-filename
Parameter | Description | Value |
---|---|---|
asn1-ca | Load the trusted CA file for the SSL policy in ASN1 format. | - |
pem-ca | Load the trusted CA file for the SSL policy in PEM format. | - |
pfx-ca | Load the trusted CA file for the SSL policy in PFX format. | - |
ca-filename | Specifies the name of the trusted CA file. The file is stored in the security subdirectory of the system directory. If the security directory does not exist in the system, create this directory. | The value is a string of 1 to 64 characters. The file name is the same as that of the uploaded file. |
auth-code cipher auth-code | Specifies the verification code for the trusted CA file in PFX format. The authentication code verifies user identity to ensure that only authorized users can log in to the server. | The value is a string of case-sensitive characters without spaces. If the value begins and ends with double quotation marks (" "), the string of characters can contain spaces. When the value is displayed in plaintext, its length ranges from 1 to 31. When the value is displayed in ciphertext, its length is 48 or 68. A ciphertext password with the length of 32 or 56 characters is also supported. |
Usage Scenario
Widely trusted CAs are called root CAs. Root CAs can authorize lower-level CAs. A trusted CA file contains the identity information of a CA. To secure communication and verify the validity of the server, you must run the trusted-ca load command to load the trusted CA file.
Prerequisites
Before running the trusted-ca load command, run the ssl policy command in the system view to create the SSL policy.
Precautions
A maximum of four trusted CA files can be loaded for an SSL policy. For security reasons, deleting an installed trusted CA file is not recommended, because services that use the SSL policy will be affected.
# Load the trusted CA file for the SSL policy in ASN1 format.
<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] trusted-ca load asn1-ca servercert.der
# Load the trusted CA file for the SSL policy in PEM format.
<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] trusted-ca load pem-ca servercert.pem
# Load the trusted CA file for the SSL policy in PFX format.
<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] trusted-ca load pfx-ca servercert.pfx auth-code cipher 123456
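A pre-flight check for the commands above, added here as an example and not part of the vendor documentation: it inspects a local copy of the CA file to pick the format keyword that matches its content, then applies the limits from the parameter table and Precautions before emitting the command line. The function names and the sample byte strings are constructed for illustration, and the quoted auth-code form that allows spaces is not handled.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _der_body(data):
    """Content of the outer DER SEQUENCE, or empty bytes if data does not start with one."""
    if len(data) < 2 or data[0] != 0x30:
        return b""
    if data[1] < 0x80:                    # short-form length
        return data[2:2 + data[1]]
    k = data[1] & 0x7F                    # long form: next k bytes hold the length
    return data[2 + k:2 + k + int.from_bytes(data[2:2 + k], "big")]

def sniff_keyword(data):
    """Map file content to the format keyword of trusted-ca load, or None."""
    m = PEM_RE.search(data)
    if m:                                 # PEM is base64-wrapped DER
        try:
            data = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:
            return None
    body = _der_body(data)
    if body[:1] == b"\x30":               # Certificate starts with the tbsCertificate SEQUENCE
        return "pem-ca" if m else "asn1-ca"
    if body[:3] == b"\x02\x01\x03" and not m:   # PFX starts with INTEGER version 3
        return "pfx-ca"
    return None

def build_command(filename, data, loaded_count=0, auth_code=None):
    """Return the CLI line for one CA file; raise ValueError with the reason if it would fail."""
    if not 1 <= len(filename) <= 64:
        raise ValueError("ca-filename must be 1 to 64 characters")
    if loaded_count >= 4:
        raise ValueError("the SSL policy already holds four trusted CA files")
    kw = sniff_keyword(data)
    if kw is None:
        raise ValueError("content is neither a PEM/DER certificate nor a PFX container")
    cmd = f"trusted-ca load {kw} {filename}"
    if kw == "pfx-ca":
        if not auth_code or len(auth_code) > 31 or " " in auth_code:
            raise ValueError("PFX needs an auth-code of 1 to 31 characters without spaces")
        cmd += f" auth-code cipher {auth_code}"
    return cmd

# Constructed header-only byte strings (assumption: not real certificates), enough to sniff.
DER_SAMPLE = bytes.fromhex("30063004a0020500")
PFX_SAMPLE = bytes.fromhex("30050201030500")
PEM_SAMPLE = b"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(DER_SAMPLE)
```

The sniffing only looks at the leading ASN.1 structure, so it catches a file loaded under the wrong keyword but does not validate the certificate itself.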