Exporting certificates

About exporting certificates

You can export the CA certificate and the local certificates in a PKI domain to certificate files. The exported certificate files can then be imported back to the device or other PKI applications.

Restrictions and guidelines

To export all certificates in PKCS12 format, the PKI domain must have a minimum of one local certificate. If the PKI domain does not have any local certificates, the certificates in the PKI domain cannot be exported.

If you do not specify a file name when you export a certificate in PEM format, this command displays the certificate content on the terminal.

When you export a local certificate with RSA key pairs to a file, the certificate file name might be different from the file name specified in the command. The actual certificate file name depends on the purpose of the key pair contained in the certificate. For more information about the file naming rule, see the pki export command in Security Command Reference.

Procedure

  1. Enter system view.

    system-view

  2. Export certificates.

    • Export certificates in DER format.

      pki export domain domain-name der { all | ca | local } filename filename

    • Export certificates in PKCS12 format.

      pki export domain domain-name p12 { all | local } passphrase p12-key filename filename

    • Export certificates in PEM format.

      pki export domain domain-name pem { { all | local } [ { 3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc } pem-key ] | ca } [ filename filename ]