The pki import-certificate built-in-ca command imports an SSL decryption certificate to the memory.
| Parameter | Description | Value |
|---|---|---|
| filename file-name | Specifies the file name of an SSL decryption certificate. | The value must be the name of an existing SSL decryption certificate. |
Usage Scenario
Import the SSL decryption certificate to the memory to use it; otherwise, the certificate will not take effect.
When importing the SSL decryption certificate, make sure that the matching RSA key pair in the SSL decryption certificate exists on the device. The mapping relationship is created when the SSL decryption certificate is created. Search for the RSA key pair that corresponds to the SSL decryption certificate using the pki built-in-ca match-rsa-key command.
Prerequisites
The SSL decryption certificate file already exists on the storage device, and is generated using the pki generate built-in-ca certificate command.
Precautions
In dual-node hot standby scenarios, the master node backs up certificates to the backup node. The backup node does not support the function of importing certificates to the memory.
<sysname> cd pki <sysname> cd public/
Import the SSL decryption certificate key1_builtinca.cer to the memory.
<sysname> system-view [sysname] pki generate built-in-ca certificate rsa-key-pair key1 entity entity1 Please enter the file name for built in CA certificate <length 1-64> : key1_builtinca.cer Info: Generate built in CA certificate successfully. [sysname] pki import-certificate built-in-ca filename key1_builtinca.cer