HPE FlexFabric 7900 Series Security Command Reference page 155
Hide thumbs
Also See for FlexFabric 7900 Series:
- Layer 3 ip routing command reference (414 pages) ,
- Security configuration manual (323 pages) ,
- Configuration manual (211 pages)
Table of Contents
Advertisement
•
If the local certificate to be imported contains a key pair, the system asks you to enter the
challenge password used for encrypting the private key.
When you import a local certificate file that contains a key pair, you can choose to update the domain
with the key pair. Depending on the purpose of the key pair, the following conditions apply:
•
If the purpose of the key pair is general, the device uses the key pair to replace the local key pair
that is found in this order: general-purpose key pair, signature key pair, and encryption key pair.
•
If the purpose of the key pair is signature, the device uses the key pair to replace the local key
pair that is found in this order: general-purpose key pair and signature key pair.
•
If the purpose of the key pair is encryption, the device searches the domain for an encryption
key pair.
If a match is found, the device displays a prompt to ask you whether to overwrite the existing key pair
on the device. If no match is found, the device asks you to enter a key pair name (defaulting to the
PKI domain name). Then, it generates a key pair according to the algorithm and the purpose of the
key pair defined in the certificate file.
The import operation automatically updates or generates the correct key pair. When you perform the
import operation, be sure to save the configuration file to avoid data loss.
Examples
# Import the CA certificate file rootca_pem.cer in PEM format to the PKI domain aaa. The certificate
file contains the root certificate.
<Sysname> system-view
[Sysname] pki import domain aaa pem ca filename rootca_pem.cer
The trusted CA's finger print is:
MD5
fingerprint:FFFF 3EFF FFFF 37FF FFFF 137B FFFF 7535
SHA1 fingerprint:FFFF FF7F FF2B FFFF 7618 FF4C FFFF 0A7D FFFF FF69
Is the finger print correct?(Y/N):y
[Sysname]
# Import the CA certificate file aca_pem.cer in PEM format to the PKI domain bbb. The certificate file
does not contain the root certificate.
<Sysname> system-view
[Sysname] pki import domain bbb pem ca filename aca_pem.cer
[Sysname]
# Import the local certificate file local-ca.p12 in PKCS12 format to the PKI domain bbb. The
certificate file contains a key pair.
<Sysname> system-view
[Sysname] pki import domain bbb p12 local filename local-ca.p12
Please input challenge password:
******
[Sysname]
# Import the local certificate in PEM format to the PKI domain bbb by copying and pasting the
contents of the certificate. The certificate contains the key pair and the CA certificate chain.
<Sysname> system-view
[Sysname] pki import domain bbb pem local
Enter PEM-formatted certificate.
End with a Ctrl+c on a line by itself.
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: {F7619D96-3AC2-40D4-B6F3-4EAB73DEED73}
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
147
Advertisement
Table of Contents
