This post will show you how to manually import certificates and RSA key pairs.
Procedure
Step 1 Enable the device to send certificate request information to the CA in out-of-band mode (web, disk, or email) to apply for a local certificate..
Step 2 Download the CA certificate, local certificate, and RSA key pair file, and upload them to the device storage media using TFTP.
Generally, certificates in DER or PEM format and key pairs are in different files, and certificates in PKCS#12 format and key pairs are in the same file.
Step 3 Import the CA certificate. If there are multiple CA certificates, import all CA certificates.
Step 4 Import the local certificate.
Step 5 Import the RSA key pair. For the files in PEM or PKCS#12 format, the password for the RSA key pair provided by the CA is also required.
Step 6 Check whether the imported local certificate and RSA key pair match. If no matching key pair is found, check whether the imported file is correct.
For details, see the USG6000E Firewall Product Documentation.
