Exporting Certificates; Removing A Certificate - HPE FlexFabric 7900 Series Security Configuration Manual

After you change the storage path for certificates or CRLs, the certificate files (with the .cer or .p12 extension) and CRL files (with the .crl extension) in the original path are moved to the new path.

To specify the storage path for the certificates and CRLs:

Task: Specify the storage path for certificates and CRLs.
Command: pki storage { certificates | crls } dir-path
Remarks: By default, the device stores certificates and CRLs in the PKI directory on the storage media of the device.

Exporting certificates

IMPORTANT:
To export all certificates in the PKCS12 format, the PKI domain must have a minimum of one local certificate. Otherwise, the certificates in the PKI domain cannot be exported.

You can export the CA certificate and the local certificates in a PKI domain to certificate files. The exported certificate files can then be imported back to the device or other PKI applications.

When you export a local certificate with the RSA key pair, the name of the target file might not be the same as specified in the command. It depends on the purpose of the key pair of the certificate.

To export certificates:

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Export certificates.
Command:
  Export certificates in DER format:
  pki export domain domain-name der { all | ca | local } filename filename
  Export certificates in PKCS12 format:
  pki export domain domain-name p12 { all | local } passphrase p12passwordstring filename filename
  Export certificates in PEM format:
  pki export domain domain-name pem { { all | local } [ { 3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc } pempasswordstring ] | ca } [ filename filename ]
Remarks: If you do not specify a file name when you export a certificate in PEM format, the certificate is displayed on the terminal.

Removing a certificate

You can remove the CA certificate, local certificate, or peer certificates in a PKI domain. After you remove the CA certificate, the system automatically removes the local certificates, peer certificates, and CRLs in the domain.

You can remove a local certificate and request a new one when the local certificate is about to expire or the certificate's private key is compromised. To remove a local certificate and request a new certificate, perform the following tasks:

1. Remove the local certificate.
2. Use the public-key local destroy command to destroy the existing local key pair.
3. Use the public-key local create command to generate a new key pair.
4. Request a new certificate.
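
For the export commands described under "Exporting certificates", the following Python script is an added example (not from the HPE manual) that audits a captured command log for `pki export` invocations. It flags the `des-cbc` and `3des-cbc` options, passphrases visible in the logged command, and PEM exports with no file name (displayed on the terminal); the log format, finding labels, function names and sample lines are assumptions constructed for illustration.

```python
# Added example: audit logged `pki export` commands, using the syntax on this page.
# Assumption: the log holds one full command per line, exactly as typed.
WEAK = {"des-cbc", "3des-cbc"}                       # DES / 3DES PEM options
STRONG = {"aes-128-cbc", "aes-192-cbc", "aes-256-cbc"}

def audit_command(line):
    """Return (redacted_command, findings) for one `pki export` line, else None."""
    tok = line.split()
    if len(tok) < 6 or tok[:3] != ["pki", "export", "domain"]:
        return None
    fmt, rest = tok[4], tok[6:]          # tok[3] = domain name, tok[5] = all|ca|local
    findings, redacted = [], tok[:6]
    if fmt == "p12" and rest[:1] == ["passphrase"] and len(rest) >= 2:
        findings.append("passphrase-in-log")
        redacted += ["passphrase", "***"]            # never echo the secret
        rest = rest[2:]
    elif fmt == "pem" and len(rest) >= 2 and rest[0] in (WEAK | STRONG):
        if rest[0] in WEAK:
            findings.append("weak-cipher:" + rest[0])
        findings.append("passphrase-in-log")
        redacted += [rest[0], "***"]
        rest = rest[2:]
    if fmt == "pem" and rest[:1] != ["filename"]:
        findings.append("output-to-terminal")        # no file name given
    return " ".join(redacted + rest), findings

def audit_log(text):
    """Audit every line of a command log; return [(line_no, command, findings)]."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        result = audit_command(line.strip())
        if result and result[1]:
            report.append((n, *result))
    return report

# Constructed sample log: domain names, file names and passphrases are made up.
SAMPLE_LOG = """\
system-view
pki export domain d1 der ca filename ca.cer
pki export domain d1 p12 local passphrase S3cret filename id.p12
pki export domain d1 pem local des-cbc S3cret filename id.pem
pki export domain d1 pem local aes-256-cbc S3cret
pki export domain d1 pem ca filename ca.pem
"""

if __name__ == "__main__":
    for entry in audit_log(SAMPLE_LOG):
        print(entry)
```

Any passphrase the audit finds in a log should be treated as exposed, and the corresponding export repeated with a new passphrase.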
