< Home

wapi import certificate

Function

The wapi import certificate command imports the AC certificate file, certificate of the AC certificate issuer, and ASU certificate file.

The undo wapi certificate command deletes the imported AC certificate file, certificate of the AC certificate issuer, or ASU certificate file.

By default, the AC certificate file, certificate of the AC certificate issuer, and ASU certificate file are not imported.

Format

wapi import certificate { ac | asu | issuer } format pkcs12 file-name file-name password password

wapi import certificate { ac | asu | issuer } format pem file-name file-name

undo wapi certificate { ac | asu | issuer }

Parameters

Parameter

Description

Value

ac

Specifies the AC certificate.

-

asu

Specifies the ASU certificate.

-

issuer

Specifies the certificate of the AC certificate issuer.

-

format pkcs12

Imports a certificate in P12 format.

-

format pem

Imports a certificate in PEM format.

-

file-name file-name

Specifies a certificate file name, which the complete path of a certificate file must be specified.

The value is a string of 1 to 255 characters. It cannot contain question marks (?) and cannot start or end with double quotation marks (" ") or spaces.

password password

Specifies the key of the P12 certificate.
The password can be in plain text or cipher text.
  • A plain text password is a string of 1 to 32 characters.

  • A cipher text password is a string of 48 or 68 characters.

Views

Security profile view

Default Level

3: Management level

Usage Guidelines

  • If WAPI certificate authentication is specified as a security policy in a security profile, run the wapi import certificate command to specify the AC certificate, certificate of the AC certificate issuer, and ASU certificate. STAs will fail to be authenticated if you do not run this command. The issuer certificate helps to check whether the AC certificate is modified.
  • Before using this command, store the AC certificate and ASU certificate to the storage medium of the device, and import the certificates and private key using TFTP. Certificates must be X509 V3 certificates and comply with the WAPI standard. Otherwise, certificates cannot be imported.
  • After this command is run:
    • When an issuer certificate is configured, the system checks correctness of the AC certificate.
    • If the authentication system uses only two certificates, the issuer certificate and ASU certificate have the same certificate file name and are the same certificate. If the authentication system uses three certificates, the issuer certificate and ASU certificate are different from each other and both must be imported.
  • The ASU certificate and issuer certificate must be imported.
  • Certificates to be imported must be valid and correct.
  • If the certificates with the same name but different contents have been imported by other security profiles, delete the earlier certificate first.

Example

# Import the AC certificate.
<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] security-profile name p1
[HUAWEI-wlan-sec-prof-p1] wapi import certificate ac format pem file-name flash:/local_ac.cer
Parent Topic: WLAN Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >