Specifying The Storage Path For The Certificates And Crls; Exporting Certificates - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
Specifying the storage path for the certificates and
CRLs
CAUTION:
If you change the storage path, save the configuration before you reboot or shut down the device to
avoid loss of the certificates or the CRLs.
The device has a default storage path for certificates and CRLs. You can change the storage path
and specify different paths for the certificates and CRLs.
After you change the storage path for certificates or CRLs, the certificate files (with the .cer or .p12
extension) and CRL files (with the .crl extension) in the original path are moved to the new path.
To specify the storage path for certificates and CRLs:
Task
Specify the storage path for
certificates and CRLs.
Exporting certificates
IMPORTANT:
To export all certificates in the PKCS12 format, the PKI domain must have at least one local
certificate. Otherwise, the certificates in the PKI domain cannot be exported.
You can export the CA certificate and the local certificates in a PKI domain to certificate files. The
exported certificate files can then be imported back to the device or other PKI applications.
When you export a local certificate with the RSA key pair, the name of the target file might be
different than the file name specified with the filename keyword. It depends on the purpose of the
key pair of the certificate.
To export certificates:
Step
1.
Enter system
view.
2.
Export
certificates.
Command
pki storage { certificates |
crls } dir-path
Command
system-view
•
Export certificates in DER format:
pki export domain domain-name der { all
| ca | local } filename filename
•
Export certificates in PKCS12 format:
pki export domain domain-name p12
{ all | local } passphrase
p12passwordstring filename filename
•
Export certificates in PEM format:
pki export domain domain-name pem
{ { all | local } [ { 3des-cbc | aes-128-cbc |
aes-192-cbc | aes-256-cbc | des-cbc }
pempasswordstring ] | ca } [ filename
filename ]
253
Remarks
By default, the device stores certificates and
CRLs in the PKI directory on the storage
media of the device.
The specified directory must be on the active
MPU of the device.
Remarks
N/A
If you do not specify a file
name when you export a
certificate in PEM format, the
certificate is displayed on the
terminal.
Advertisement
Table of Contents
Troubleshooting
