Specifying The Storage Path For The Certificates And Crls; Exporting Certificates - HPE FlexNetwork 7500 Series Security Configuration Manual

Step
3. Disable CRL checking.
4. Return to system view.
5. Obtain the CA certificate.
6. Manually verify the validity of
the certificates.
Specifying the storage path for the certificates and
CRLs
CAUTION:
If you change the storage path, save the configuration before you reboot or shut down the device to
avoid loss of the certificates or the CRLs.
The device has a default storage path for certificates and CRLs. You can change the storage path
and specify different paths for the certificates and CRLs.
After you change the storage path for certificates or CRLs, the certificate files and CRL files in the
original path are moved to the new path. Certificate files use the .cer or .p12 file extension and CRL
files use the .crl file extension.
To specify the storage path for certificates and CRLs:
Task
Specify the storage path for
certificates and CRLs.

Exporting certificates

IMPORTANT:
To export all certificates in PKCS12 format, the PKI domain must have a minimum of one local
certificate. If the PKI domain does not have any local certificates, the certificates in the PKI domain
cannot be exported.
You can export the CA certificate and the local certificates in a PKI domain to certificate files. The
exported certificate files can then be imported back to the device or other PKI applications.
To export certificates:
Step
1. Enter system
view.
Command
undo crl check enable
quit
See "Obtaining
pki validate-certificate domain
domain-name { ca | local }
Command
pki storage { certificates |
crls } dir-path
Command
system-view
283
Remarks
By default, CRL checking is
enabled.
N/A
certificates." N/A
This command is not saved in the
configuration file.
Remarks
By default, the device stores certificates and
CRLs in the PKI directory on the storage
media of the device.
Remarks
N/A