HP FlexNetwork MSR Series Command Reference Manual page 455
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
c. Encryption key pair.
•
If the purpose of the key pair is signature, the device uses the key pair to replace the local key
pair that is found in this order:
d. General-purpose key pair.
e. Signature key pair.
•
If the purpose of the key pair is encryption, the device searches the domain for an encryption
key pair.
If a matching key pair is found, the device asks whether you want to overwrite the existing key pair on
the device. If no match is found, the device asks you to enter a key pair name (defaulting to the PKI
domain name). Then, it generates the key pair according to the key algorithm and the purpose
defined in the certificate file.
The import operation automatically updates or generates the correct key pair. When you perform the
import operation, be sure to save the configuration file to avoid data loss.
Examples
# Import CA certificate file rootca_pem.cer in PEM format to PKI domain aaa. The certificate file
contains the root certificate.
<Sysname> system-view
[Sysname] pki import domain aaa pem ca filename rootca_pem.cer
The trusted CA's finger print is:
MD5
fingerprint:FFFF 3EFF FFFF 37FF FFFF 137B FFFF 7535
SHA1 fingerprint:FFFF FF7F FF2B FFFF 7618 FF4C FFFF 0A7D FFFF FF69
Is the finger print correct?(Y/N):y
[Sysname]
# Import CA certificate file aca_pem.cer in PEM format to PKI domain bbb. The certificate file does
not contain the root certificate.
<Sysname> system-view
[Sysname] pki import domain bbb pem ca filename aca_pem.cer
[Sysname]
# Import local certificate file local-ca.p12 in PKCS12 format to PKI domain bbb. The certificate file
contains a key pair.
<Sysname> system-view
[Sysname] pki import domain bbb p12 local filename local-ca.p12
Please input challenge password:
******
[Sysname]
# Import local certificate in PEM format to PKI domain bbb by copying and pasting the contents of
the certificate. The certificate contains the key pair and the CA certificate chain.
<Sysname> system-view
[Sysname] pki import domain bbb pem local
Enter PEM-formatted certificate.
End with a Ctrl+c on a line by itself.
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: {F7619D96-3AC2-40D4-B6F3-4EAB73DEED73}
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Key Attributes
X509v3 Key Usage: 10
-----BEGIN RSA PRIVATE KEY-----
437
Advertisement
