crypto import

Imports the Identity Certificate for security configuration.

Syntax

crypto import { ldapca|radiusca | syslogca | ssh-x509v3ca | oauth2pkicert} directory dir-name file file-name host host-address protocol {FTP | SCP} source-ip source-ip user user-name password password
no crypto import { ldapca|radiusca | syslogca | ssh-x509v3ca | oauth2pkicert}

Parameters

ldapca|radiusca | syslogca | ssh-x509v3ca | oauth2pkicert
Defines the type of certificate to import. Select from ldapca, radiusca, syslogca, ssh-x509v3ca, or oauth2pkicert.
directory dir-name
Defines the directory where the certification file resides.
file file-name
Defines the name of the certification file.
host host-address
Defines the host name or IP address of the remote certificate server.
protocol {FTP | SCP}
Specifies the use of either FTP or SCP protocol for accessing the certification file.
source-ip source-ip
(SCP only) Specifies the source IP address to use in the header.
user user-name
Defines user name for the host server.
password password
Defines the password for the user name for the host server.
Note

Note

As a best practice, do not list the password in the command line for security purposes. The user will be prompted for the password.

Modes

Privileged EXEC mode

Usage Guidelines

Use the no form of the command to remove the Identity Certificate.

The OAuth2 PKI certificate validates the signature in the OAuth2 token.

Examples

This example imports a RADIUS certificate over SCP. 

device# crypto import radiusca t1 certificate protocol SCP host 10.10.10.10 
user fvt directory /users/crypto file cacert.pem password ****
This example imports an SSH-x509v3 certificate over SCP.
device# crypto import ssh-x509v3ca protocol SCP host 10.10.10.10 
directory /root/certs file cacert.pem user root password ****
This example imports an Oauth2 PKI certificate over SCP.
device# crypto import oauth2pkicert directory <path-to-pki-file> file 
oauthcert.pem host 10.10.10.10 protocol SCP user <remote-user> password ****
This example deletes an Oauth2 PKI certificate.
device# no crypto import oauth2pkicert
9036689-01 Rev AA