Importing Certificates

You can import the following types of certificates into themanaged device:

Server certificate signed by a trustedCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.. This includes a public andprivate keyThe part of a public-private key pair that is always kept private. The private key encrypts the signature of a message to authenticate the sender. The private key also decrypts a message that was encrypted with the public key of the sender.pair.

CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.certificate used to validate other server or client certificates. This includes only thepublic keyThe part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient.for the certificate.

Client certificate andpublic keyThe part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient.of client. (Thepublic keyThe part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient.is used for applications such asSSHSecure Shell。SSH是一个网络protocol that provides secure access to a remote device.which does not support X509 certificates and requires thepublic keyThe part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient.to verify an allowed certificate.)

Certificates can be in the following formats:

X509 PEM unencrypted

X509 PEM encrypted with a key

DER

PKCS7 encrypted

PKCS12 encrypted

You cannot export certificates from themanaged device.

The following procedure describes how to import certificates into themanaged device:

1.In theManaged Networknode hierarchy, navigate to theConfiguration > System > Certificatestab

2.Expand theImport Certificatesaccordion.

3.In theImport Certificatestable click +.

4.ForCertificate Name, enter a user-defined name.

5.ForCertificate Filename, clickBrowseto navigate to the appropriate file on your computer.

6.If the certificate is encrypted, enter and repeat the passphrase.

7.Select theCertificate Formatfrom the drop-down list.

8.Select theCertificate Typefrom the drop-down list.

9.ClickSubmit.

10.ClickPending Changes.

11.In thePending Changeswindow, select the required check box and clickDeploy changes.

The followingCLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.command importsCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.certificates:

crypto pki-import {der|pem|pfx|pkcs12|pkcs7} {PublicCert|ServerCert|TrustedCA}

The following example imports a server certificate namedcert_20in DER format:
crypto pki-import der ServerCert cert_20