crypto import

Imports the authentication certificate for security configuration

Syntax

crypto import type { https | syslogca } host ip address protocol { scp | sftp } certificate certfile key key-file user remote user password remote user password

no crypto import

Note

When you use the no form of the command with type https, a new certificate/key pair is regenerated and used with the ingress controller.

Parameters

type

https: Specifies an https certificate.
syslogca: Specifies a syslogca certificate

host ip address

Defines the remote host name or IP address of the certificate server.

protocol

scp: Specifies use of SCP for accessing the certificate file.
sftp: Specifies use of SFTP for accessing the certificate file.

certificate file-name

Defines the name of the certificate file.

key key-file

Specifies the key file to retrieve.

username

Specifies the name of the remote user that has access to the file.

password user-password

Defines the password for the user name on the host server.

Note

As a best practice, do not list the password in the command line for security purposes. The user will be prompted for the password.

Modes

Exec mode

Usage Guidelines

This command is allowed only in configuration mode.
You must have the admin role to use this command.
Use the no form of the command to remove the authentication certificate.

Table 1. Error messages
Message	Reason
`SCP/SFTP validation failed`	Importing certificate failed. Please verify certificate location and user credentials/parameters.
`Invalid credentials or server not accessible`	Importing certificate failed. Please verify certificate location and user credentials/parameters.
`Certificate validation failed`	Error: Importing certificate failed due to invalid file format or validation failed.
`Username validation failed`	Error: Importing certificates failed. Username length should be between 1 and 64 characters.
`IP address validation failed`	Importing certificates failed. Only valid IPv4 unicast address is supported.
`Cert/key file name validation failed`	Importing certificates failed. File name length should be between 1 and 512

Examples

The following example imports the certificate key pair using SCP.

device# crypto import type https protocol scp host 10.23.17.115
  ➥certificate cert.pem key key.pem user jsalanga password password123 

Installing https certificate will result in a momentary delay
  ➥and may affect active CLI connections - please be patient. 

Successfully imported file: cert.pem 

Successfully imported file: key.pem

The following example deletes an HTTPS certificate.

device# no crypto import type https

Deleting https certificate!
Installing https certificate will result in a
momentary delay and may affect active CLI
connections - please be patient.
Successfully imported file: cert.pem
Successfully imported file: key.pem