Exporting certificates


[IMPORTANT: ]

IMPORTANT:

To export all certificates in the PKCS12 format, the PKI domain must have a minimum of one local certificate. Otherwise, the certificates in the PKI domain cannot be exported.


You can export the CA certificate and the local certificates in a PKI domain to certificate files. The exported certificate files can then be imported back to the device or other PKI applications.

To export certificates:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Export certificates.

  • Export certificates in DER format:pki export domain domain-name der { all | ca | local } filename filename

  • Export certificates in PKCS12 format:pki export domain domain-name p12 { all | local } passphrase p12-key filename filename

  • Export certificates in PEM format:pki export domain domain-name pem { { all | local } [ { 3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc } pem-key ] | ca } [ filename filename ]

If you do not specify a file name when you export a certificate in PEM format, this command displays the certificate content on the monitor screen.

When you export a local certificate with RSA key pairs to a file, the certificate file name might be different from the file name specified in the command. The actual certificate file name depends on the purpose of the key pair contained in the certificate. For more information, see Security Command Reference.