crypto ca import
Imports the Identity Certificate for security configuration.
Syntax
crypto ca import
{
trustpoint-name
cert-type
{commoncert
|
https
|
ssh-x509v3
}
protocol
{FTP |
SCP}
directory
dir-name
file
file-name
host
host-address
user
user-name
password
password
source-ip
source-ip}
no crypto ca import
{trustpoint-name
cert-type
{commoncert
|
https
|
ssh-x509v3
}
}
Parameters
-
trustpoint-name
- Defines the name of the trust point you are
authenticating. This name needs to be the same as that of the trust point
created by the crypto ca trustpoint command. The string for the name cannot
be left blank. The length of the string can range from 1 through 64
characters.
- cert-type
commoncert
|
https
|
ssh-x509v3}
- Indicates that the
certificate is used for common, HTTPS, or SSH-x509v3 server
authentication.
- protocol
{FTP
|
SCP}
- Specifies the use of either FTP or SCP
protocol for accessing the certificate file.
- directory
dir-name
- Defines the directory where the certificate
resides.
- file
file-name
- Defines the name of the certificate file.
- host
host-address
- Defines the host name or IP address of the remote certificate server.
- user
user-name
- Defines the user name for the host server.
- source-ip
source-ip
- (SCP only) Specifies the source IP address to use in the header.
- password
password
- Defines the password for the user name on the
host server.
Note
As a best
practice, do not list the password in the command line for security
purposes. The user will be prompted for the password.
Modes
Privileged EXEC mode
Usage Guidelines
The trustpoint-name name
needs to be the same as that of the trust point created by the crypto ca trustpoint
command.
Use the no form of the command
to remove the certificate.
Examples
This example specifies HTTPS authentication and the SCP protocol.
device# crypto ca import t1 certificate cert-type https protocol SCP host 10.70.12.102
user fvt directory /users/crypto file cacert.pem
Password: **********
This example specifies SSH-x509v3
authentication and the SCP
protocol.
device# crypto ca import myca certificate cert-type ssh-x509v3 protocol SCP
directory /root/certs file sshserver.pem host x.x.x.x user root password ****
