crypto ca import-pkcs
Imports a TLS server certificate and a
private key in PKCS12 format.
Syntax
crypto ca import-pkcs
{type pkcs12
cert-type
{
ssh-x509v3
|
https
}
protocol
{FTP |
SCP}
directory
dir-name
file
file-name
source-ip
source-ip
host
host-address
user
user-name
password
scp-password
[
pkcs-passphrase
pkcs-export-password
]
[
use-vrf
vrf-name
]}
no crypto ca
import-pkcs
type pkcs12
cert-type
{
ssh-x509v3
|
https
}
Parameters
- type pkcs12
- Indicates the private key is in PKCS12 format.
- cert-type
https
|
ssh-x509v3}
- Indicates that the
certificate is used for HTTPS or SSH-x509v3 server authentication.
- protocol
{FTP
|
SCP}
- Specifies the use of either
FTP or SCP protocol for accessing the certification file.
- directory
dir_name
- Defines the directory where
the certificate resides.
- file
file-name
- Defines the file name of the certificate
file in .pfx or .p12 format.
- host
host-address
- Defines the host name or IP
address of the remote certificate server.
- source-ip
source-ip
- (SCP only) Specifies the source IP address to use in the header.
- user
user-name
- Defines the user name for the
host server.
- password
scp-password
- Defines the password for the
user name on the host server.
Note
As a best practice, do
not list the password in the command line for security purposes. The
user will be prompted for the password.
- pkcs-passphrase
pkcs-export-password
- Defines the password used at the creation of
the .pfx or .p13 certificate file.
- use-vrf
vrf-name
- Defines the VRF to use to reach the host server.
Modes
Privileged EXEC mode
Usage Guidelines
Use this command to import a TLS server certificate and private key (in PKCS12 format) to an
SLX device (with no trust point) and establish a secure connection
Use the no form of the command to remove a certificate and
key.
Examples
This example specifies HTTPS authentication and SCP using a VRF named red.
device# crypto ca import-pkcs12 cert-type https protocol SCP host 10.70.12.102
user fvt directory /users/crypto file pkcs12cert.p12 password **********
pkcs-passphrase ******** use-vrf red
This example removes an HTTPS certificate and key.
device# no crypto ca import-pkcs type pkcs12 cert-type https
