Removing a certificate – H3C Technologies H3C S6300 Series Switches User Manual


When you export a local certificate with the RSA key pair, the name of the target file might not be the same as specified in the command. It depends on the purpose of the key pair of the certificate.

To export certificates:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Export certificates.
    Commands:
      Export certificates in DER format:
        pki export domain domain-name der { all | ca | local } filename filename
      Export certificates in PKCS12 format:
        pki export domain domain-name p12 { all | local } passphrase p12passwordstring filename filename
      Export certificates in PEM format:
        pki export domain domain-name pem { { all | local } [ { 3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc } pempasswordstring ] | ca } [ filename filename ]
    Remarks: Configure at least one command. If you do not specify a file name when you export a certificate in PEM format, the certificate is displayed on the terminal.

Removing a certificate

CAUTION:

When you remove the CA certificate in a domain, the system also removes the local certificates, peer
certificates, and CRLs in the same PKI domain.

Each certificate issued by a CA has a validity period. If the certificate is about to expire or your private key is compromised, do the following tasks:

1. Remove the local certificate.
2. Use public-key local destroy to destroy the existing local key pair.
3. Use public-key local create to generate a new key pair.
4. Request a new certificate.

To remove a certificate:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Remove a certificate.
    Command: pki delete-certificate domain domain-name { ca | local | peer [ serial serial-num ] }
    Remarks: If no serial number is specified, the command removes all peer certificates.
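
As an added example (not from the H3C manual), the following Python script reads the validity period from a certificate exported in PEM or DER format and reports whether it is inside a renewal window, which is the "about to expire" condition that triggers the replacement tasks above. The 30-day window, the function names and the sample certificate skeleton are assumptions made for illustration; PKCS12 files are not handled.

```python
import base64
from datetime import datetime, timedelta, timezone

PEM_BEGIN, PEM_END = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER data")
    return tag, pos, pos + length

def read_time(buf, pos):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18); return (datetime, next_pos)."""
    tag, start, end = read_tlv(buf, pos)
    if tag not in (0x17, 0x18):
        raise ValueError("expected a time value in the validity field")
    text = buf[start:end].decode("ascii")
    if tag == 0x17:                        # RFC 5280: YY >= 50 is 19YY, otherwise 20YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc), end

def validity(data):
    """Return (not_before, not_after) of a PEM or DER encoded X.509 certificate."""
    if PEM_BEGIN in data:                  # PEM export: decode the first certificate block
        body = data.split(PEM_BEGIN, 1)[1].split(PEM_END, 1)[0]
        data = base64.b64decode(b"".join(body.split()))
    pos = read_tlv(data, read_tlv(data, 0)[1])[1]   # enter Certificate, then tbsCertificate
    tag, _, end = read_tlv(data, pos)
    pos = end if tag == 0xA0 else pos      # skip the optional [0] version field
    for _field in ("serialNumber", "signature", "issuer"):
        pos = read_tlv(data, pos)[2]
    tag, pos, _ = read_tlv(data, pos)      # validity ::= SEQUENCE { notBefore, notAfter }
    if tag != 0x30:
        raise ValueError("validity SEQUENCE not found")
    not_before, pos = read_time(data, pos)
    return not_before, read_time(data, pos)[0]

def needs_renewal(data, now, window_days=30):
    """True if expired or expiring within window_days of now (timezone-aware datetime)."""
    return validity(data)[1] - now <= timedelta(days=window_days)

# Constructed sample: a certificate skeleton with empty names and no real key or signature.
SAMPLE_DER = (b"\x30\x35\x30\x2e\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00\x30\x00"
              b"\x30\x1e\x17\x0d250101000000Z\x17\x0d260101000000Z"
              b"\x30\x00\x30\x00\x03\x01\x00")
SAMPLE_PEM = PEM_BEGIN + b"\n" + base64.encodebytes(SAMPLE_DER) + PEM_END + b"\n"
```

Pass the bytes of the exported file and the current UTC time, for example `needs_renewal(open(path, "rb").read(), datetime.now(timezone.utc))`, where `path` is wherever the exported file was copied.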