crypto import type

Imports the authentication certificate for security configuration.

Syntax

crypto import type [ https | syslogca ] protocol [ scp | sftp ] host [ ip-address ] certificate [ cert-file ] key [ key-file ] user [ remote-user ] password [ remote-password ]

no crypto import type [ https | syslogca ]

Parameters

type

https: Specifies an https certificate.
syslogca: Specifies a syslogca certificate

host ip address

Specifies the IPv4 or IPv6 unicast address of the remote server where the file is located.

protocol

scp: Specifies use of SCP for accessing the certificate file.
sftp: Specifies use of SFTP for accessing the certificate file.

certificate file-name

Defines the name of the certificate file.

key key-file

Specifies the key file to retrieve.

username

Specifies the name of the remote user that has access to the file.

password user-password

Defines the password for the user name on the host server.

Note

As a best practice, do not list the password in the command line for security purposes. The user is prompted for the password.

Modes

Exec mode

Usage Guidelines

The [no] form of the command removes the authentication certificate.

When [no] form of the command is used with https type, a new certificate or key pair is regenerated and used with the ingress controller.

This command is available only to users with admin role.

This command is allowed only in configuration mode.

Table 1. Error messages
Message	Reason
`SCP/SFTP validation failed`	Importing certificate failed. Please verify certificate location and user credentials/parameters.
`Invalid credentials or server not accessible`	Importing certificate failed. Please verify certificate location and user credentials/parameters.
`Certificate validation failed`	Error: Importing certificate failed due to invalid file format or validation failed.
`Username validation failed`	Error: Importing certificates failed. Username length should be between 1 and 64 characters.
`IP address validation failed`	Importing certificates failed. Only a valid IPv4 or IPv6 unicast address is supported.
`Cert/key file name validation failed`	Importing certificates failed. File name length should be between 1 and 512

Examples

The following example imports the certificate key pair using SCP.

device# crypto import type https protocol scp host 10.23.17.115 certificate cert.pem key key.pem user jsalanga password password123 

Installing https certificate will result in a momentary delay and may affect active CLI connections - please be patient. 

Successfully imported file: cert.pem 
Successfully imported file: key.pem

The following example deletes an HTTPS certificate.

device# no crypto import type https
Deleting https certificate!