crypto import-pkcs

Imports a TLS server certificate and a private key in PKCS12 format

Syntax

crypto import-pkcs protocol { scp | sftp } type https host host-address user user-name password remote-user-password file file-name pkcspassphrase passphrase

no crypto import-pkcs

Command Default

Parameters

protocol

scp: Specifies use of SCP for accessing the certificate file.
sftp: Specifies use of SFTP for accessing the certificate file.

type https

Indicates that the certificate is used for HTTPS server authentication.

host host-address

Defines the remote host name or IP address of the certificate server.

user user-name

Defines the user name for the host server.

password user-password

Defines the password for the user name on the host server.

Note

As a best practice, do not list the password in the command line for security purposes. The user will be prompted for the password.

file file-name

Defines the file name of the certificate file in .pfx or .p12 format.

pkcspassphrase passphrase

Defines the password used at the creation of the .pfx or .p12 certificate file.

Modes

Exec mode

Usage Guidelines

Use this command to import a TLS server certificate and private key (in PKCS12 format) to device and establish a secure connection .

Use the no form of the command to remove PKCS-format files.

Or use the command no crypto import type https to remove installed PKCS-format files.

Table 1. Error messages
Message	Reason
`SCP/SFTP validation failed`	Importing certificate failed. Please verify certificate location and user credentials/parameters.
`Invalid credentials or server not accessible`	Importing certificate failed. Please verify certificate location and user credentials/parameters.
`Certificate validation failed`	Error: Importing certificate failed due to invalid file format or validation failed.
`Username validation failed`	Error: Importing certificates failed. Username length should be between 1 and 64 characters.
`IP address validation failed`	Importing certificates failed. Only valid IPv4 unicast address is supported.
`Cert/key file name validation failed`	Importing certificates failed. File name length should be between 1 and 512

Examples

The following example specifies HTTPS authentication and SCP for the certificate file ngnpb.pkcs.

device# crypto import-pkcs protocol scp type https host 10.24.12.111
  ➥user testuser password password file ngnpb.pkcs pkcspassphrase passphrase
 
HTTPS server certificate imported.

Installing https certificate will result in a
momentary delay and may affect active CLI
connections - please be patient.
Successfully imported file: ngnpb.pkcs

The following example removes the installed PKCS-format files.

device# no crypto import-pkcs type https

Note

no crypto import type https also removes the installed PKCS-format files.