488Related commandspki domainpki importUse pki import to import the CA certificate, local certificates, or peer certificates for a PKI domain.Syntaxpki import domain domain-name { der { ca | local | peer } filename filename | p12 local filenamefilename | pem { ca | local | peer } [ filename filename ] }ViewsSystem viewPredefined user rolesnetwork-adminParametersdomain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.The domain name cannot contain the special characters listed in Table 71.Table 71 Special charactersCharacter name Symbol Character name SymbolTilde ~ Dot .Asterisk * Left angle bracket <Backslash \ Right angle bracket >Vertical bar | Quotation marks "Colon : Apostrophe 'der: Specifies the DER certificate file format, including PKCS#7.p12: Specifies the PKCS#12 certificate file format.pem: Specifies the PEM certificate file format.ca: Specifies the CA certificate.local: Specifies the local certificates.peer: Specifies the peer certificates.filename filename: Specifies a certificate file name, a case-insensitive string. For a certificate inPEM format, you can also choose to copy and paste the certificate contents on the terminal insteadof importing from a file.Usage guidelinesUse this command to import a certificate in the following situations:• The CRL repository is not specified or the CA server does not support SCEP.• The certificate is packed with the server generated key pair in a single file. Only certificate filesin PKCS12 or PEM format can contain key pairs.Before you import certificates, complete the following tasks:• Use FTP or TFTP to upload the certificate files to the storage media of the device. If FTP orTFTP is not available, display and copy the contents of a certificate to a file on the device. Makesure the certificate is in PEM format because only certificates in PEM format can be imported bythis means.