The pki import rsa-key-pair command imports the RSA key pair and the certificate to the device memory.
pki import rsa-key-pair key-name [ exclude-cert ] { pem | pkcs12 } file-name [ exportable ] [ password password ]
| Parameter | Description | Value |
|---|---|---|
| key-name | Specifies the name of the RSA key pair on the device. | The value is a case-sensitive string of 1 to 64 characters without spaces or question marks (?). If the string is enclosed in double quotation marks (" "), it can contain spaces and question marks. |
| exclude-cert | Indicates that the certificates in the file are not imported. | - |
| pem file-name | Indicates that the RSA key pair to be imported is in the PEM format and specifies the name of the file that stores the RSA key pair. | The value must be an existing certificate file name that stores the RSA key pair and the certificate. |
| pkcs12 file-name | Indicates that the RSA key pair to be imported is in the PKCS12 format and specifies the name of the file that stores the RSA key pair. | The value must be an existing certificate file name that stores the RSA key pair and the certificate. |
| exportable | Indicates that the imported RSA key pair can be exported. | - |
| password password | Specifies the decryption password of the RSA key pair. The password is the same as the password set by the pki export rsa-key-pair command. | The value must be the name of an existing decryption password of the RSA key pair. |
Usage Scenario
Run this command to use the RSA key pair, certificates, or certificate chains generated by other entities. After the configuration, the imported RSA key pair can be referenced by the PKI module for operations such as signing. The certificates and certificate chains are used for authentication.
Windows Server 2003 has low processing performance. For the device to connect to a server running Windows Server 2003, the device cannot have too many entities configured or use a large key pair.
If you do not know the format of the key pair you want to import, configure each format in turn and check whether the key pair is successfully imported.
Prerequisites
The RSA key pair and related certificates must already exist on the storage device.
Precautions
You are advised to configure an RSA key pair name of fewer than 50 characters. When an RSA key pair is imported together with its certificate, the PKI system appends _localx.cer to the name of the RSA key pair to generate a new certificate file name, and saves the file to the storage component. If the name exceeds 50 characters, the total number of characters exceeds 64, and the certificate file cannot be saved to the storage component.
<sysname> cd pki
<sysname> cd public/

# Import the RSA key pair file aaa.pem. In the system, the RSA key pair name is key-1, and the password is Test!123456. The RSA key pair is marked as exportable.

<sysname> system-view
[sysname] pki import rsa-key-pair key-1 pem aaa.pem exportable password Test!123456
Info: Succeeded in importing the RSA key pair in PEM format.
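
Instead of trying each format in turn, and to catch the name-length precaution before the import, the file and key name can be checked off-device first. The following is an added example, not vendor code: the function names and sample bytes are constructed here, and it assumes the quotation marks around a quoted key-name are not counted toward its length.

```python
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def detect_format(data):
    """Return the CLI format keyword ('pem' or 'pkcs12') or 'unknown'."""
    if PEM_BLOCK.search(data):
        return "pem"
    # PKCS#12 is a BER/DER SEQUENCE (0x30) whose first field is INTEGER 3.
    if len(data) > 4 and data[0] == 0x30:
        length_octet = data[1]
        # Short form and indefinite form (0x80) use one length octet;
        # long form uses 1 + (low 7 bits) octets.
        header = 2 if length_octet <= 0x80 else 2 + (length_octet & 0x7F)
        if data[header:header + 3] == b"\x02\x01\x03":
            return "pkcs12"
    return "unknown"

def pem_has_certificate(data):
    return any(label == b"CERTIFICATE" for label in PEM_BLOCK.findall(data))

def check_key_name(name, imports_cert=True):
    """Return a list of problems with key-name, per the parameter table."""
    quoted = len(name) >= 2 and name[0] == name[-1] == '"'
    bare = name[1:-1] if quoted else name   # assumption: quotes are not counted
    problems = []
    if not 1 <= len(bare) <= 64:
        problems.append("key-name must be 1 to 64 characters")
    if not quoted and re.search(r"[ ?]", bare):
        problems.append("spaces and '?' require double quotation marks")
    if imports_cert and len(bare) >= 50:
        problems.append("name of 50+ characters: the generated "
                        "<key-name>_localx.cer file may not be saved")
    return problems

def preflight(key_name, data, exclude_cert=False):
    fmt = detect_format(data)
    # PKCS12 contents are usually encrypted, so assume a certificate may be inside.
    has_cert = pem_has_certificate(data) if fmt == "pem" else fmt == "pkcs12"
    return fmt, check_key_name(key_name, has_cert and not exclude_cert)

# Constructed sample inputs (headers only, no real key material).
SAMPLE_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
              b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
SAMPLE_P12 = bytes.fromhex("3082095a020103308209200609")

if __name__ == "__main__":
    print(preflight("key-1", SAMPLE_PEM))
    print(preflight("k" * 55, SAMPLE_P12))
```

The length warning is skipped when exclude-cert is used or a PEM file carries no certificate block, because the _localx.cer file is only generated when a certificate is imported with the key pair.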