HP 5920 Command Reference Manual page 220
Hide thumbs
Also See for 5920:
- Command reference manual (607 pages) ,
- Configuration manual (424 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
Predefined user roles
network-admin
Parameters
domain domain-name: Specifies the name of a PKI domain, a case-insensitive string of 1 to 31
characters.
der: Specifies the certificate format as DER, including PKCS#7.
p12: Specifies the certificate format as PKCS12.
pem: Specifies the certificate format as PEM.
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer: Specifies the peer certificates.
filename filename: Specifies a certificate file name, a case-insensitive string. If you do not specify a file
name, you import a certificate by copying and pasting the certificate contents on the terminal. In this case,
make sure the certificate is in PEM format because only certificates in PEM format can be imported by this
means.
Usage guidelines
Use the command to import the certificates in the following situations:
•
The CRL repository is not specified or the CA server does not support SCEP.
Use a certificate that is packed with the server generated key pair in a single file. Only certificate
•
files in PKCS12 or PEM format might contain key pairs.
Before you import the certificates, complete the following tasks:
Use FTP or TFTP to upload the certificate files to the storage media of the device. If FTP or TFTP is not
•
available, you can import the certificates by copying and pasting the certificate contents through
the terminal. In this case, make sure the certificate is in PEM format because only certificates in PEM
format can be imported by this means.
For the local certificates or peer certificates to be imported, the proper CA certificate chain must
•
exist. The CA certificate chain can be stored on the device, or carried in the local certificates or peer
certificates. If the PKI domain, the local certificates, or the peer certificates do not have the CA
certificate chain, you must import the CA certificate first. To import a local or peer certificate, a CA
certificate chain must exist in the PKI domain, or be carried in the local or peer certificate. If not,
obtain it first.
When you import the local certificates or peer certificates:
•
If the local certificates or peer certificates to be imported contain the CA certificate chain, you can
import the CA certificate and the local certificates or peer certificates at the same time. If the
certificate of the CA that issues the local certificates or peer certificates already exists in a PKI
domain, the system displays a prompt to ask you whether to overwrite the existing CA certificate.
208
Advertisement
Table of Contents
