The trusted-ca load command loads a trusted-CA file to a Secure Sockets Layer (SSL) policy.
The undo trusted-ca load command unloads a trusted-CA file from an SSL policy.
By default, no trusted-CA files are loaded to an SSL policy.
# Load an ASN1 trusted-CA file to an SSL policy.
trusted-ca load asn1-ca ca-filename
# Load a PEM trusted-CA file to an SSL policy.
trusted-ca load pem-ca ca-filename
# Load a PFX trusted-CA file to an SSL policy.
trusted-ca load pfx-ca ca-filename auth-code cipher auth-code
# Unload a trusted-CA file from an SSL policy.
undo trusted-ca load { pem-ca | asn1-ca | pfx-ca } ca-filename
| Parameter | Description | Value |
|---|---|---|
| asn1-ca | Loads an ASN1 trusted-CA file to an SSL policy. | - |
| pem-ca | Loads a PEM trusted-CA file to an SSL policy. | - |
| pfx-ca | Loads a PFX trusted-CA file to an SSL policy. | - |
| ca-filename | Specifies the name of a trusted-CA file. This file must be saved in the security sub-directory of the system directory. | The value is a string of 1 to 63 characters. The specified file name must be consistent with the name of the uploaded file. |
| auth-code cipher auth-code | Specifies the authentication code of a PFX trusted-CA file. The specified file name must be consistent with the name of the uploaded file. | The value is a string of 1 to 31, 48 or 68 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Scenario
Certificate authorities (CAs) issue digital certificates. A CA that is trusted worldwide is called a root CA, and a root CA can authorize other CAs as subordinate CAs. A trusted-CA file describes the identity of a CA. To secure communications, run the trusted-ca load command to load a trusted-CA file.
Configuration Impact
After a trusted-CA file is loaded, the FTPS client can authenticate the FTPS server based on the trusted-CA file. This allows only authorized users to log in to the FTPS server.
Prerequisites
The ssl policy command has been used in the system view to create an SSL policy.
Precautions
A maximum of four trusted-CA files can be loaded to an SSL policy. For security reasons, deleting an installed trusted-CA file is not recommended.
# Load an ASN1 trusted-CA file to an SSL policy.
<sysname> system-view
[sysname] ssl policy ftp_server
[sysname-ssl-policy-ftp_server] trusted-ca load asn1-ca servercert.der
# Load a PEM trusted-CA file to an SSL policy.
<sysname> system-view
[sysname] ssl policy ftp_server
[sysname-ssl-policy-ftp_server] trusted-ca load pem-ca servercert.pem
# Load a PFX trusted-CA file to an SSL policy.
<sysname> system-view
[sysname] ssl policy ftp_server
[sysname-ssl-policy-ftp_server] trusted-ca load pfx-ca servercert.pfx auth-code cipher Hello@123
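
A pre-upload check for the limits documented above, as an added example that is not part of the original command reference: it picks the `asn1-ca`, `pem-ca` or `pfx-ca` keyword from the file's actual encoding rather than its suffix and enforces the file-name, auth-code and four-file limits before returning the command line. The function names and the leading-byte heuristics (PEM header, X.509 inner SEQUENCE, PKCS#12 version 3) are assumptions of this example, and the sample bytes are constructed.

```python
MAX_CA_FILES = 4  # page: at most four trusted-CA files per SSL policy

# Constructed samples: only the leading bytes of each encoding, not real certificates.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
SAMPLE_DER = bytes.fromhex("3082010a308200f2") + b"\x00" * 8
SAMPLE_PFX = bytes.fromhex("30820900020103") + b"\x00" * 8


def detect_format(data: bytes) -> str:
    """Return the trusted-ca load keyword that matches the file's real encoding."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "pem-ca"
    if len(data) < 4 or data[0] != 0x30:  # DER starts with an outer SEQUENCE
        raise ValueError("not PEM and not a DER SEQUENCE")
    # Skip tag + length: short form is 1 length byte, long form is 1 + n bytes.
    body = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)
    if data[body:body + 3] == b"\x02\x01\x03":  # PKCS#12 PFX: version INTEGER 3
        return "pfx-ca"
    if data[body:body + 1] == b"\x30":  # X.509: inner tbsCertificate SEQUENCE
        return "asn1-ca"
    raise ValueError("DER structure is neither X.509 nor PKCS#12")


def build_load_command(filename, data, loaded_count=0, auth_code=None):
    """Check the documented limits, then return the command line to enter."""
    if not 1 <= len(filename) <= 63:
        raise ValueError("ca-filename must be 1 to 63 characters")
    if loaded_count >= MAX_CA_FILES:
        raise ValueError("SSL policy already holds four trusted-CA files")
    keyword = detect_format(data)
    cmd = f"trusted-ca load {keyword} {filename}"
    if keyword == "pfx-ca":
        if auth_code is None or len(auth_code) not in (*range(1, 32), 48, 68):
            raise ValueError("auth-code must be 1 to 31, 48 or 68 characters")
        if " " in auth_code:  # page: spaces are allowed only inside double quotes
            auth_code = f'"{auth_code}"'
        cmd += f" auth-code cipher {auth_code}"
    return cmd


if __name__ == "__main__":
    # A .pem name with DER content: the keyword follows the content, not the suffix.
    print(build_load_command("servercert.pem", SAMPLE_DER))
    print(build_load_command("servercert.pfx", SAMPLE_PFX, auth_code="Hello@123"))
```

The check only inspects the leading bytes; it does not validate the certificate chain or confirm that the file actually belongs to a CA.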