The pki http command configures a device to use HTTP to download a CA certificate, local certificate, or CRL.
| Parameter | Description | Value |
|---|---|---|
| esc | Specifies the entering of URLs in the ASCII code. | - |
| url-address | Specifies the URL of a CA certificate, local certificate, or CRL. | The value is a string of 1 to 128 case-sensitive characters. |
| save-name | Specifies the name of a CA certificate, local certificate, or CRL saved on the CFcard or Hda1 of the device. | The value is a string of 1 to 64 case-insensitive characters. |
Before you configure a device to use HTTP to download a CA certificate, local certificate, or CRL, ensure that the CFcard or Hda1 of the device has enough space to accommodate the CA certificate, local certificate, or CRL.
An administrator cannot enter command lines that include a question mark (?). Keyword esc supports the entering of URLs that include the question mark (?) in the ASCII code, and 3f is the hexadecimal ASCII code for the question mark (?). Therefore, the entered URL must be in \x3f format. For example, the URL that an administrator needs to enter is http://www.example.com\x3fpage1, instead of http://www.example.com?page1. If the administrator wants to configure http://www.example.com?page1\x3f that includes both a question mark (?) and \x3f, the administrator should add an escape character (\) to \x3f and enter http://www.example.com\x3fpage1\\x3f.
# Configure a device to use HTTP to download a local certificate.
<sysname> system-view [sysname] pki http http://10.1.1.1/test.cer local.cer
# Configure a device to use HTTP to download a local certificate.
<sysname> system-view [sysname] pki http esc http://www.abc.com\x3fpage1\\x3f local.cer