certificate local-filename remote-filename

Function

The certificate local-filename command specifies the name of a certificate file on the local end.

The undo certificate local-filename command cancels the configuration.

The certificate remote-filename command specifies the name of a certificate file on the remote end.

The undo certificate remote-filename command cancels the configuration.

By default, the name of a certificate file on the local end is not specified.

By default, the name of a certificate file on the remote end is not specified.

This command is supported only on the NetEngine 8000 F1A.

Format

certificate { local-filename | remote-filename } filename

undo certificate { local-filename | remote-filename }

Parameters

Parameter Description Value
filename

Indicates the name of a certificate file.

It is a string of 1-127 case-insensitive characters.

Views

IKE peer view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ike write

Usage Guidelines

Usage Scenario

The specified certificate file is associated with the IKE peer in the IKE negotiation. In the two-node cluster scenario, you are advised to set different certificate expiration dates for the active and standby devices to prevent the active and standby devices from both being unavailable.

Precautions

The certificate imported to the PKI domain cannot be configured on an IKE peer. As a result, the negotiation fails.

Example

# Associate the certificate file whose name is local.cer with the IKE peer.
<HUAWEI> system-view
[~HUAWEI] ike peer peer1
[*HUAWEI-ike-peer-peer1] certificate local-filename local.cer
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >