Good day!
If you have a certificate of purchase, you can do so as follows:
1) Create a new PKI realm (assumed to be tested) and import the certificate.
Suppose the certificate authority provides the certificate in the PEM format, the two CA certificates (rootca.pem, middleca.pem), the local certificate(localcert.pem), and the corresponding private key file (local_privatekey.pem). You need to import a PKI domain whose device name is test.
a) Import the CA certificate and import it one by one according to the CA certificate file provided by the certificate authority.
[AC6005]pki import-certificate ca realm test pem filename rootca.pem
[AC6005]pki import-certificate ca realm test pem filename middleca.pem
After importing, you can use the following command to view:
[AC6005]display pki certificate ca realm test
b) Import the local certificate file
[AC6005]pki import-certificate local realm test pem filename localcert.pem
After importing, you can use the following command to view
[AC6005]display pki certificate local realm test
c) If the certificate authority provides a private key file, you need to import the private key file, otherwise, ignore this step
[AC6005]pki import rsa-key-pair test pem local_privatekey.pem password xxx
d) Use the following command to check if the imported certificate and private key match
[AC6005]pki match-rsa-key certificate-filename localcert.pem
Info: The file localcert.pem contains certificates 1.
Info: Certificate 1 from file localcert.pem matches RSA key test.
2) Create a new SSL policy and bind the PKI realm
[AC6605] ssl policy test type server
[AC6605-ssl-policy-test]pki-realm test
3) Execute the following commands in sequence
[AC6605] undo http secure-server ssl-policy
[AC6605] http secure-server ssl-policy test
[AC6605] portal local-server https ssl-policy test port xxx
