
How to import a CA certificate into a PKI domain on the F5080 firewall

Asked on 2022-09-06

Problem description:

How do I import a CA certificate into a PKI domain on the F5080 firewall?


Network topology and description:


2 answers

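1. How to determine the certificate encoding format

Open the certificate file in a text editor.

Binary data means DER encoding; text data means PEM encoding.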

 

2. The certificate and the key file need to be placed in one file for import.

 

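Open both the certificate and the key file as text first, then paste the contents of the key into the certificate, and finally combine them into a single .cer file for import.

The steps are as follows:

1. Create the PKI domain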

[H3C]pki domain test

[H3C-pki-domain-test]undo crl check enable                                                           

[H3C-pki-domain-test]di th                                                     

#                                                                               

pki domain test

  undo crl check enable                                                               

#                                                                              

return                     

 

2. Import the CA certificate

[H3C]pki import domain test pem ca filename ca.crt                             

The trusted CA's finger print is:                                              

    MD5  fingerprint:3B3C 38DE 73AA 304F 4D1C DE6D CDA3 0078                   

    SHA1 fingerprint:D4BE F1FA 57EB F05D 73C9 7B12 2107 D751 A08C 6C33         

Is the finger print correct?(Y/N):y                                            

                                    

[H3C]display pki certificate domain test ca                                    

Certificate:                                                                   

    Data:                                                                      

        Version: 1 (0x0)                                                        

        Serial Number:                                                         

            60:68:ef:7b:39:fd:23:45:50:a3:eb:7d:a7:25:63:c3:2f:f6:62:ea        

        Signature Algorithm: sha1WithRSAEncryption                             

        Issuer: O=TLS Project Dodgy Certificate Authority                      

        Validity                                                               

            Not Before: May  6 02:21:20 2020 GMT                               

            Not After : Jan 13 02:21:20 2034 GMT                               

        Subject: O=TLS Project Dodgy Certificate Authority                     

        Subject Public Key Info:                                               

            Public Key Algorithm: rsaEncryption                                

                Public-Key: (1024 bit)                                         

                Modulus:                                                        

                    00:b1:7f:9f:fd:35:0c:85:9a:06:c9:22:de:10:57:              

                    c1:0e:ca:73:ff:fa:98:1c:27:ce:0c:06:a4:e4:83:              

                    86:53:4b:ec:96:1f:2d:ca:82:1f:f3:ee:b0:1a:ea:              

                    ba:f9:91:44:04:67:41:e9:10:eb:1c:2c:0e:ec:2c:              

                    3b:9d:56:b0:4f:fc:ba:4c:e5:c8:2d:8e:f3:a5:8b:              

                    c6:4b:e5:cb:7d:1e:bc:32:31:aa:d1:c0:d1:f0:3a:              

                    8d:aa:05:ee:ab:cb:74:71:70:36:e9:41:60:94:81:              

                    e9:c8:ad:ad:e1:10:d7:e9:a1:8f:cb:c1:a1:98:8f:              

                    f9:db:67:dd:c0:24:7d:45:e3                                  

                Exponent: 65537 (0x10001)                                      

    Signature Algorithm: sha1WithRSAEncryption                                 

         65:85:d4:a3:dd:40:3c:f0:48:f7:fa:60:57:44:14:20:9e:8f:                

         3a:ef:25:71:56:9e:ef:cf:e9:ac:8e:83:4c:b7:b2:56:2c:15:                

         b9:ad:32:22:47:78:6e:28:98:90:38:c2:39:55:2f:46:b9:6e:                

         d0:e9:23:22:a9:16:05:40:82:34:92:70:dc:9c:04:0f:40:72:                

         dd:56:6d:b1:b2:fa:e4:0d:a5:2b:3b:40:17:3e:bd:30:8a:92:                

         9e:3f:b3:a7:e5:48:ca:7b:45:48:5a:08:82:18:78:6b:ac:be:                

         69:21:61:d0:91:cd:36:da:d3:27:2b:d0:fe:35:e1:0f:c9:4f:                

         4a:a7                                                                  

                                                                                

[H3C] 

 

Combine the local certificate and import it

<H3C>tftp 192.168.60.20 get client.crt                                         

Press CTRL+C to abort.                                                         

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed  

100   746  100   746    0     0   5406      0 --:--:-- --:--:-- --:--:--  5738 

Writing file...Done.                                                           

                                                                                

<H3C>sys                                                                       

                              

[H3C]pki import domain test pem local filename client.crt                      

Neither the device nor the certificates has a key pair.                         

Failed to import certificates.    

 

// The prompt says there is no key; open client.key and client.crt in a text editor and combine them into one file, client.cert, as follows:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

 

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

 

                                            

[H3C]                                                                          

<H3C>tftp 192.168.60.20 get client.crt        // import the combined certificate file client.crt again

client.crt already exists. Overwrite it? [Y/N]:y                               

Press CTRL+C to abort.                                                         

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed  

100  1652  100  1652    0     0   4196      0 --:--:-- --:--:-- --:--:-- 13766 

Writing file...Done.                                                           

                                                                                

<H3C>sys                                                      

[H3C]pki import domain test pem local filename client.crt                      

The system is going to save the key pair. You must specify a key pair name, whic

h is a case-insensitive string of 1 to 64 characters. Valid characters include a

to z, A to Z, 0 to 9, and hyphens (-).                                        

Please enter the key pair name[default name: test]:temp                        

                                   

[H3C]display pki certificate domain test local                                 

Certificate:                                                                    

    Data:                                                                      

        Version: 1 (0x0)                                                       

        Serial Number:                                                         

            76:86:ab:1c:36:f8:7f:d0:85:e4:81:1d:fd:e0:5f:5c:ba:7e:a3:89        

        Signature Algorithm: sha1WithRSAEncryption                             

        Issuer: O=TLS Project Dodgy Certificate Authority                      

        Validity                                                               

            Not Before: May  6 02:21:22 2020 GMT                               

            Not After : Jan 13 02:21:22 2034 GMT                               

        Subject: O=TLS Project Device Certificate, CN=127.0.0.1                

        Subject Public Key Info:                                               

            Public Key Algorithm: rsaEncryption                                

                Public-Key: (1024 bit)                                          

                Modulus:                                                       

                    00:cc:37:4b:82:fe:98:2f:fa:70:c1:c8:68:7e:73:              

                    6d:a6:b1:f0:8a:12:bf:8c:ca:8d:7b:74:33:f9:fa:              

                    5f:c6:0b:0c:64:75:00:b5:18:d9:17:48:1c:14:e1:              

                    33:1e:4c:7d:49:ac:a5:c3:9e:dd:06:8c:29:3e:c8:              

                    31:3c:f7:d5:21:a3:76:80:96:20:1b:ec:f7:7b:21:               

                    ee:7e:ee:f5:bd:42:f3:23:93:13:ad:01:b2:6b:50:              

                    2f:5d:51:10:56:38:5f:f6:6e:ef:01:0e:5f:36:af:              

                    f3:a4:97:b8:5f:48:59:9d:b5:31:9b:ec:f1:93:af:              

                    b9:79:8a:eb:ca:d4:bc:c0:d9                                 

                Exponent: 65537 (0x10001)                                      

    Signature Algorithm: sha1WithRSAEncryption                                 

         7a:d3:ca:0c:7d:50:ae:40:3b:82:53:9c:00:d5:be:9c:70:04:                

         4f:03:cf:cb:d5:8f:72:a3:d7:7f:08:01:f9:d6:29:0e:0c:ca:                

         2c:ff:cf:5e:70:ca:6b:ab:7e:90:a2:ff:ba:57:e6:00:b6:10:                

         b7:69:86:db:66:3c:07:77:a4:43:68:d8:b3:3e:66:5a:0d:7a:                

         88:e4:f8:31:ed:65:03:e2:8c:7b:82:e3:5c:dd:bd:5e:8e:cf:                

         04:52:73:53:ab:d9:6d:05:b4:34:57:eb:c0:99:ea:ad:73:60:                

         d8:e9:20:d8:77:bd:4b:d4:b2:7a:be:2a:8e:8a:a5:05:7a:b2:                

         96:d8                                                                  
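
The workstation-side checks behind the answer above, as an added example that is not part of the original answer or H3C's own tooling: it tells PEM from DER, builds the combined certificate-plus-key file, and prints a fingerprint in the grouping the device shows at the "Is the finger print correct?" prompt so it can be compared out-of-band. It assumes the device fingerprint is the usual digest over the DER-encoded certificate and that the key file really belongs to the certificate; all function names are hypothetical.

```python
import base64
import hashlib
import re

# Matches one PEM armor block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def detect_encoding(data: bytes) -> str:
    """'PEM' if a BEGIN/END block is present, 'DER' if it starts with an ASN.1 SEQUENCE."""
    try:
        if PEM_BLOCK.search(data.decode("ascii")):
            return "PEM"
    except UnicodeDecodeError:
        pass  # binary content cannot be PEM
    return "DER" if data[:1] == b"\x30" else "unknown"

def pem_blocks(text: str):
    """Return [(label, der_bytes), ...] for every PEM block found in text."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_BLOCK.findall(text)]

def to_pem(label: str, der: bytes) -> str:
    """Re-armor DER bytes as PEM with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Digest of the DER bytes, grouped like the device prompt: 'D4BE F1FA ...'."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def build_bundle(cert_pem: str, key_pem: str) -> str:
    """One certificate followed by one private key, as a single PEM file."""
    certs = [b for b in pem_blocks(cert_pem) if b[0] == "CERTIFICATE"]
    keys = [b for b in pem_blocks(key_pem) if b[0].endswith("PRIVATE KEY")]
    if len(certs) != 1 or len(keys) != 1:
        raise ValueError("expected exactly one certificate and one private key")
    return to_pem(*certs[0]) + to_pem(*keys[0])

if __name__ == "__main__":
    # Constructed placeholder bytes, not a real certificate or key.
    cert = to_pem("CERTIFICATE", bytes([0x30, 0x03, 0x02, 0x01, 0xFF]))
    key = to_pem("RSA PRIVATE KEY", bytes([0x30, 0x03, 0x02, 0x01, 0x00]))
    print(detect_encoding(cert.encode()))
    print("SHA1 fingerprint:" + fingerprint(pem_blocks(cert)[0][1]))
    print(build_bundle(cert, key))
```

Pass "md5" as the second argument of fingerprint to reproduce the other line of the device prompt.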
