access https-redirect import certificate

Function

The access https-redirect import certificate command imports the certificate and the mapped key. After the import succeeds, the device uses the imported certificate and mapped key to complete HTTPS interaction with the client.

By default, a device does not have a default certificate.

This command is supported only on the NetEngine 8000 F1A.

Format

access https-redirect import certificate certificate-file-name key { der der-file-name | pem pem-file-name password password }

Parameters

Parameter Description Value
key

Specifies the private key.

-
der der-file-name

Specifies the key file name in DER format.

The value is a string of 1 to 63 case-sensitive characters, spaces not supported.
pem pem-file-name

Specifies the key file name in PEM format.

The value is a string of 1 to 63 case-sensitive characters, spaces not supported.
password password

Specifies the password of the key file in PEM format.

The value is a string of 1 to 128 case-sensitive characters, spaces not supported.
certificate certificate-file-name

Specifies the certificate name.

The value is a string of 1 to 63 case-sensitive characters, spaces not supported.

Views

System view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
portal execute

Usage Guidelines

Usage Scenario

By default, the device does not have a certificate. You can run the self-signed rsa modulus command to generate a certificate from signature certificate or run the access https-redirect import certificate command to import an external certificate and its private key to replace the imported or generated certificate and private key for HTTPS interaction with the client.

Prerequisites

Before the access-https-redirect-import-certificate command is run, the certificate and associated private key should be uploaded to the device.

Precautions

  • The certificate size cannot exceed 10K.
  • The certificate chain is not supported. Only the certificate file that contains one certificate can be imported.
  • In case of repetitive import, the most recently imported certificate is used.
  • The imported certificate must meet the X.509 standard.
  • After the certificate and key are successfully imported, the key file is automatically deleted to reduce the risks of key disclosure.
  • The public key algorithm in a certificate supports only the ECDSA and RSA types.
  • You are advised to import an encrypted private key file to prevent private key information leakage.
  • In VS mode, this command is supported only by the admin VS.

Example

# Import the externally generated certificate and key.
<HUAWEI> system-view
[~HUAWEI] access https-redirect import certificate huawei.cer key pem pemkey.pem password Asd12345
Parent Topic: IPoE Access Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >