set pki certificate

Use this command to add a PEM formatted certificate to a certificate list.

Syntax

set pki certificate pki-cert-list [no-confirm]

Parameters

pki-cert-list Specifies the name of the certificate list. Valid values are up to 32 printable characters.
no-confirm (Optional) Specifies that an entered certificate should be accepted without confirmation.

Defaults

If the no-confirm option is not entered, you are asked to confirm the entered certificate value.

Mode

All command modes with admin privilege.

Usage

This command is used to configure PKI with an X.509 certificate and to group configured X.509 certificates in the specified certificate list. Applications which require PKI services, such as SSH, reference these certificate lists when authenticating.

If the specified list does not exist, it will be automatically created. If all certificates are removed from a list, the list will be automatically deleted. You can delete a single certificate from a certificate list using the clear pki certificate command.

The user must have admin (su) privilege to use this command. Users with read-only, read-write, or admin privilege can display PKI settings using the show pki certificate command.

After you enter the command with the name of the certificate list, you are prompted to enter the PKI certificate:

Enter the PEM encoded certificate-list-name certificate

Certificate data must be entered in Privacy Enhanced Mail (PEM) format, complete with the appropriate X.509 header -----BEGIN CERTIFICATE----- and footer -----END CERTIFICATE-----. Certificate entry is terminated by entering a blank line or the word “quit” on a line by itself.

Certificate information then displays. If you did not specify the no-confirm option, you are asked to confirm the entered certificate.

Examples

This example shows how to set the myTrustedOcspSigningCerts PKI certificate, followed by a display of the entered certificate details:

System(su)->set pki certificate myTrustedOcspSigningCerts
Enter the PEM encoded myTrustedOcspSigningCerts certificate
End with a blank line or the word "quit" on a line by itself
-----BEGIN TRUSTED CERTIFICATE-----
<certificate data omitted>
-----END TRUSTED CERTIFICATE-----
quit
Entered certificate has the following attributes:
  Fingerprint: a2:33:a9:df:df:8a:fb:9a:d2:f0:5e:c0:c3:8a:8a:4b:ad:0a:6f:1b
        Issuer: C=US, O=Enterasys, OU=DoD, OU=PKI, CN=Esys JITC Root CA 2
        Validity
            Not Before: Feb 21 18:44:14 2012 GMT
            Not After : Feb 18 18:44:14 2022 GMT
        Subject: C=US, O=Enterasys, OU=DoD, OU=PKI, CN=Esys JITC Root CA 2 OCSP Delegate 2
Do you accept this certificate (y/n) [n]?y
System(su)->
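
Before answering y at the confirmation prompt, the fingerprint the switch displays can be compared with one computed independently from the same PEM text on the administrator's workstation. The following Python script is an added example, not part of the original documentation: it assumes the 20-byte fingerprint shown above is a SHA-1 digest of the DER-encoded certificate, and its function names and sample PEM blocks are constructed for illustration.

```python
import base64
import hashlib
import re

# Accepts both the plain label and the OpenSSL "TRUSTED CERTIFICATE" label
# that appears in the example session above.
PEM_RE = re.compile(
    r"-----BEGIN (TRUSTED CERTIFICATE|CERTIFICATE)-----\s*(.*?)\s*"
    r"-----END (TRUSTED CERTIFICATE|CERTIFICATE)-----", re.S)

def first_der_element(data: bytes) -> bytes:
    """Return the first DER SEQUENCE in data (the certificate itself);
    TRUSTED CERTIFICATE blocks append trust settings after it."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("payload does not start with a DER SEQUENCE")
    length, offset = data[1], 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(data[2:2 + n], "big")
        offset = 2 + n
    if len(data) < offset + length:
        raise ValueError("certificate data is truncated")
    return data[:offset + length]

def pem_fingerprint(pem_text: str) -> str:
    """Colon-separated SHA-1 fingerprint (assumed algorithm) of the certificate."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM certificate header/footer found")
    if m.group(1) != m.group(3):
        raise ValueError("BEGIN and END labels do not match")
    # validate=True rejects stray characters; binascii.Error is a ValueError.
    der = base64.b64decode("".join(m.group(2).split()), validate=True)
    digest = hashlib.sha1(first_der_element(der)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))

# Constructed sample: a 5-byte DER SEQUENCE standing in for a certificate,
# followed by an empty SEQUENCE standing in for trust settings.
_CERT = bytes.fromhex("3003020105")
SAMPLE_PLAIN = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(_CERT).decode()
                + "\n-----END CERTIFICATE-----\n")
SAMPLE_TRUSTED = ("-----BEGIN TRUSTED CERTIFICATE-----\n"
                  + base64.b64encode(_CERT + b"\x30\x00").decode()
                  + "\n-----END TRUSTED CERTIFICATE-----\n")

if __name__ == "__main__":
    print(pem_fingerprint(SAMPLE_TRUSTED))
```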