How to import a CA certificate into a PKI domain on the F5080 firewall
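I. How to determine the certificate encoding format
Open the certificate file in a text editor.
If the content is binary data, the file is DER-encoded; if it is text, the file is PEM-encoded.
II. The certificate and the key file must be placed in a single file for import.
Open both the certificate and the key file as plain text, paste the contents of the key into the certificate, and save the result as a single .cer file for import.
The procedure is as follows:
1. Create the PKI domain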
[H3C]pki domain test
[H3C-pki-domain-test]undo crl check enable
[H3C-pki-domain-test]di th
#
pki domain test
undo crl check enable
#
return
2. Import the CA certificate
[H3C]pki import domain test pem ca filename ca.crt
The trusted CA's finger print is:
MD5 fingerprint:3B3C 38DE 73AA 304F 4D1C DE6D CDA3 0078
SHA1 fingerprint:D4BE F1FA 57EB F05D 73C9 7B12 2107 D751 A08C 6C33
Is the finger print correct?(Y/N):y
[H3C]display pki certificate domain test ca
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
60:68:ef:7b:39:fd:23:45:50:a3:eb:7d:a7:25:63:c3:2f:f6:62:ea
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=TLS Project Dodgy Certificate Authority
Validity
Not Before: May 6 02:21:20 2020 GMT
Not After : Jan 13 02:21:20 2034 GMT
Subject: O=TLS Project Dodgy Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:b1:7f:9f:fd:35:0c:85:9a:06:c9:22:de:10:57:
c1:0e:ca:73:ff:fa:98:1c:27:ce:0c:06:a4:e4:83:
86:53:4b:ec:96:1f:2d:ca:82:1f:f3:ee:b0:1a:ea:
ba:f9:91:44:04:67:41:e9:10:eb:1c:2c:0e:ec:2c:
3b:9d:56:b0:4f:fc:ba:4c:e5:c8:2d:8e:f3:a5:8b:
c6:4b:e5:cb:7d:1e:bc:32:31:aa:d1:c0:d1:f0:3a:
8d:aa:05:ee:ab:cb:74:71:70:36:e9:41:60:94:81:
e9:c8:ad:ad:e1:10:d7:e9:a1:8f:cb:c1:a1:98:8f:
f9:db:67:dd:c0:24:7d:45:e3
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
65:85:d4:a3:dd:40:3c:f0:48:f7:fa:60:57:44:14:20:9e:8f:
3a:ef:25:71:56:9e:ef:cf:e9:ac:8e:83:4c:b7:b2:56:2c:15:
b9:ad:32:22:47:78:6e:28:98:90:38:c2:39:55:2f:46:b9:6e:
d0:e9:23:22:a9:16:05:40:82:34:92:70:dc:9c:04:0f:40:72:
dd:56:6d:b1:b2:fa:e4:0d:a5:2b:3b:40:17:3e:bd:30:8a:92:
9e:3f:b3:a7:e5:48:ca:7b:45:48:5a:08:82:18:78:6b:ac:be:
69:21:61:d0:91:cd:36:da:d3:27:2b:d0:fe:35:e1:0f:c9:4f:
4a:a7
[H3C]
3. Build the combined local certificate file and import it
<H3C>tftp 192.168.60.20 get client.crt
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 746 100 746 0 0 5406 0 --:--:-- --:--:-- --:--:-- 5738
Writing file...Done.
<H3C>sys
[H3C]pki import domain test pem local filename client.crt
Neither the device nor the certificates has a key pair.
Failed to import certificates.
// The device reports that there is no key. Open client.key and client.crt in a text editor and combine them into a single file, client.cert, as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
[H3C]
<H3C>tftp 192.168.60.20 get client.crt // Import the combined certificate file client.crt again
client.crt already exists. Overwrite it? [Y/N]:y
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1652 100 1652 0 0 4196 0 --:--:-- --:--:-- --:--:-- 13766
Writing file...Done.
<H3C>sys
[H3C]pki import domain test pem local filename client.crt
The system is going to save the key pair. You must specify a key pair name, whic
h is a case-insensitive string of 1 to 64 characters. Valid characters include a
to z, A to Z, 0 to 9, and hyphens (-).
Please enter the key pair name[default name: test]:temp
[H3C]display pki certificate domain test local
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
76:86:ab:1c:36:f8:7f:d0:85:e4:81:1d:fd:e0:5f:5c:ba:7e:a3:89
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=TLS Project Dodgy Certificate Authority
Validity
Not Before: May 6 02:21:22 2020 GMT
Not After : Jan 13 02:21:22 2034 GMT
Subject: O=TLS Project Device Certificate, CN=127.0.0.1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:cc:37:4b:82:fe:98:2f:fa:70:c1:c8:68:7e:73:
6d:a6:b1:f0:8a:12:bf:8c:ca:8d:7b:74:33:f9:fa:
5f:c6:0b:0c:64:75:00:b5:18:d9:17:48:1c:14:e1:
33:1e:4c:7d:49:ac:a5:c3:9e:dd:06:8c:29:3e:c8:
31:3c:f7:d5:21:a3:76:80:96:20:1b:ec:f7:7b:21:
ee:7e:ee:f5:bd:42:f3:23:93:13:ad:01:b2:6b:50:
2f:5d:51:10:56:38:5f:f6:6e:ef:01:0e:5f:36:af:
f3:a4:97:b8:5f:48:59:9d:b5:31:9b:ec:f1:93:af:
b9:79:8a:eb:ca:d4:bc:c0:d9
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
7a:d3:ca:0c:7d:50:ae:40:3b:82:53:9c:00:d5:be:9c:70:04:
4f:03:cf:cb:d5:8f:72:a3:d7:7f:08:01:f9:d6:29:0e:0c:ca:
2c:ff:cf:5e:70:ca:6b:ab:7e:90:a2:ff:ba:57:e6:00:b6:10:
b7:69:86:db:66:3c:07:77:a4:43:68:d8:b3:3e:66:5a:0d:7a:
88:e4:f8:31:ed:65:03:e2:8c:7b:82:e3:5c:dd:bd:5e:8e:cf:
04:52:73:53:ab:d9:6d:05:b4:34:57:eb:c0:99:ea:ad:73:60:
d8:e9:20:d8:77:bd:4b:d4:b2:7a:be:2a:8e:8a:a5:05:7a:b2:
96:d8
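
The workstation-side preparation behind the steps above (identifying the encoding, computing the CA fingerprint to compare with the import prompt before answering Y, and merging certificate and key into one file), as an added Python example that is not part of the original article. Function names and sample data are constructed for illustration; it assumes the device prints the standard digest of the DER-encoded certificate and that each input file holds a single PEM block.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def detect_encoding(data: bytes) -> str:
    """PEM is text with BEGIN/END armour; DER is binary and starts with 0x30 (SEQUENCE)."""
    if b"-----BEGIN " in data:
        return "PEM"
    return "DER" if data[:1] == b"\x30" else "unknown"

def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of the first certificate, whichever encoding the file uses."""
    if detect_encoding(data) != "PEM":
        return data
    for label, body in PEM_BLOCK.findall(data.decode("ascii")):
        if label == "CERTIFICATE":
            return base64.b64decode("".join(body.split()))
    raise ValueError("no CERTIFICATE block found")

def fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Digest of the DER certificate, grouped like the import prompt: 'D4BE F1FA ...'."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def combine(cert_pem: str, key_pem: str) -> str:
    """Certificate block followed by key block, as one file for the local import."""
    cert_labels = [label for label, _ in PEM_BLOCK.findall(cert_pem)]
    key_labels = [label for label, _ in PEM_BLOCK.findall(key_pem)]
    if cert_labels != ["CERTIFICATE"]:
        raise ValueError("certificate file must hold exactly one CERTIFICATE block")
    if len(key_labels) != 1 or not key_labels[0].endswith("PRIVATE KEY"):
        raise ValueError("key file must hold exactly one PRIVATE KEY block")
    return cert_pem.strip() + "\n" + key_pem.strip() + "\n"

# Constructed sample data: tiny ASN.1 SEQUENCEs, not a real certificate or key.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.b64encode(SAMPLE_DER).decode() + "\n-----END CERTIFICATE-----\n")
SAMPLE_KEY_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
                  + base64.b64encode(b"\x30\x03\x02\x01\x00").decode() + "\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(detect_encoding(SAMPLE_DER), detect_encoding(SAMPLE_CERT_PEM.encode()))
    print("SHA1 fingerprint:" + fingerprint(cert_der(SAMPLE_CERT_PEM.encode())))
    print(combine(SAMPLE_CERT_PEM, SAMPLE_KEY_PEM), end="")
```

Run against the real ca.crt, the `fingerprint` output should match the value shown at the "Is the finger print correct?" prompt character for character before the import is confirmed.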