crypto import-pkcs

Imports a TLS server certificate and a private key in PKCS12 format.

Syntax

crypto import-pkcs type { https } protocol [ scp | sftp ] host [ ip-address ] file [ cert-file ] passphrase [ passphrase ] user [ remote-user ] password [ password ]
no crypto import type { https }

Command Default

Parameters

protocol
scp
Specifies use of SCP for accessing the certificate file.
sftp
Specifies use of SFTP for accessing the certificate file.
type https
Indicates that the certificate is used for HTTPS server authentication.
host remote-ip
Specifies the IPv4 or IPv6 unicast address of the remote server where the file is located.
user remote-user
Specifies the remote user with access to the file. Supports 1-64 characters.
password remote-user-password
Specifies the password for the remote user.
Note

As a best practice, do not list the password in the command line for security purposes. The user is prompted for the password.
file certificate-and-key-file
Specifies the PKCS file to retrieve. Supports 1-512 characters.
pkcspassphrase passphrase
Specifies the passphrase to unlock the file. Supports 1-64 characters.

Modes

Exec mode

Usage Guidelines

Use this command to import a TLS server certificate and private key (in PKCS12 format) to the device and establish a secure connection.

The [no] form of the command removes PKCS-format files.

The no crypto import type https command removes the installed PKCS-format files.

Table 1. Error messages
Message | Reason
SCP/SFTP validation failed | Importing certificate failed. Please verify certificate location and user credentials/parameters.
Invalid credentials or server not accessible | Importing certificate failed. Please verify certificate location and user credentials/parameters.
Certificate validation failed | Error: Importing certificate failed due to invalid file format or validation failed.
Username validation failed | Error: Importing certificates failed. Username length should be between 1 and 64 characters.
IP address validation failed | Importing certificates failed. Only valid IPv4 or IPv6 unicast address is supported.
Cert/key file name validation failed | Importing certificates failed. File name length should be between 1 and 512.
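
The length and address limits in the parameter list and Table 1 can be checked on the workstation before the command is sent to the device. The following Python is an added example, not vendor code: the function names, the reading of "unicast", and the choice to leave out the password keyword (so that the device prompts, as the note in the parameter list recommends) are assumptions.

```python
import ipaddress

# Limits and messages are taken from this page's parameter list and Table 1.
ERR_USER = "Importing certificates failed. Username length should be between 1 and 64 characters."
ERR_HOST = "Importing certificates failed. Only valid IPv4 or IPv6 unicast address is supported."
ERR_FILE = "Importing certificates failed. File name length should be between 1 and 512."


def is_unicast(host):
    """Assumed reading of 'unicast': parses as IPv4/IPv6 and is not
    multicast, unspecified, or the IPv4 limited broadcast address."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames and malformed literals are rejected
    if addr.is_multicast or addr.is_unspecified:
        return False
    return str(addr) != "255.255.255.255"


def preflight(protocol, host, user, cert_file, passphrase):
    """Return a list of problems; an empty list means the arguments fit the documented limits."""
    problems = []
    if protocol not in ("scp", "sftp"):
        problems.append("protocol must be scp or sftp")
    if not is_unicast(host):
        problems.append(ERR_HOST)
    if not 1 <= len(user) <= 64:
        problems.append(ERR_USER)
    if not 1 <= len(cert_file) <= 512:
        problems.append(ERR_FILE)
    if not 1 <= len(passphrase) <= 64:
        problems.append("pkcspassphrase must be 1-64 characters")
    return problems


def build_command(protocol, host, user, cert_file, passphrase):
    """Build the import command with no 'password' keyword, so the
    device prompts for the remote user's password instead."""
    problems = preflight(protocol, host, user, cert_file, passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    return (f"crypto import-pkcs protocol {protocol} type https host {host} "
            f"user {user} file {cert_file} pkcspassphrase {passphrase}")


if __name__ == "__main__":
    # Constructed sample values, reusing the host and file name from the page's example.
    print(build_command("scp", "10.24.12.111", "testuser", "ngnpb.pkcs", "example-passphrase"))
```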

Examples

The following example specifies HTTPS authentication and SCP for the certificate file ngnpb.pkcs.

device# crypto import-pkcs protocol scp type https host 10.24.12.111 user testuser password password file ngnpb.pkcs pkcspassphrase passphrase
 
HTTPS server certificate imported.

Installing https certificate will result in a momentary delay and may affect active CLI connections - please be patient.
Successfully imported file: ngnpb.pkcs

The following example removes the installed PKCS-format files.

device# no crypto import-pkcs type https
Note

no crypto import type https also removes the installed PKCS-format files.