The pki import-certificate peer command imports a certificate of the remote device to the device memory.
Parameter |
Description |
Value |
|---|---|---|
peer-name |
Specifies the name of a peer certificate. A certificate cannot be imported to multiple peers. |
The value is a string of 1 to 32 case-insensitive characters without spaces. If the character string is enclosed in double quotation marks, it can contain spaces. |
der |
Imports a certificate of the remote device in DER format. |
- |
pem |
Imports a certificate of the remote device in PEM format. |
- |
pkcs12 |
Imports a certificate of the remote device in P12 format. |
- |
filename filename |
Imports a certificate of the remote device in file mode. |
The value is an existing certificate name of the remote device. |
Usage Scenario
Where digital envelop authentication is used, configure the public key of the remote device. The public key can be obtained from the public and private key management module or certificate of the remote device.
Prerequisites
The certificate file of the remote device must already exist on the storage device.
Precautions
In dual-node hot standby scenarios, the master node backs up certificates to the backup node. The backup node does not support the function of importing certificates to the memory.
When a certificate in pkcs12 format is imported, the PKI system deletes the file name extension of the original certificate file, adds _localx.cer to generate a new file name, and saves it to the storage component. Therefore, the name of the certificate file to be imported cannot exceed 50 characters. Otherwise, the total certificate file name will exceed 64 characters, and the certificate file cannot be imported to the storage component.
You can import a peer certificate generated using the RSA encryption algorithm or SM2 key hash algorithm to the device.
<sysname> cd pki <sysname> cd public/