crypto ca import-pkcs
Imports a TLS server certificate and a
private key in PKCS12 format.
Syntax
crypto ca import-pkcs
{type pkcs12
cert-type
{
ssh-x509v3
|
https
|
gNMI-server
}
protocol
{FTP |
SCP}
directory
dir-name
file
file-name
source-ip
source-ip
host
host-address
user
user-name
password
scp-password
[
pkcs-passphrase
pkcs-export-password
]
[
use-vrf
vrf-name
]}
no crypto ca
import-pkcs
type pkcs12
cert-type
{
ssh-x509v3
|
https
|
gNMI-server
}
Parameters
- type pkcs12
- Indicates that the private key for the CA
certificate is in the <term>pkcs12</term> format.
- cert-type
{https
|
ssh-x509v3|
gNMI-server}
- Indicates that the certificate is used for
HTTPS, SSH-x509v3 or gNMI server authentication.
- protocol
{FTP
|
SCP}
- Specifies the use of either FTP or SCP
protocol for accessing the remote certificate file.
- directory
dir_name
- Defines the remote directory where the
certificate resides.
- file
file-name
- Defines the file name of the certificate
file in .pfx or .p12 format.
- host
host-address
- Defines the host name or IP
address of the remote certificate server.
- source-ip
source-ip
- (SCP only) Specifies the source IP address to use in the header.
- user
user-name
- Defines the user name for the remote
certificate server.
- password
scp-password
- Defines the password for the user name on
the remote certificate server.
Note
When the password is not
provided in the CLI command, the user will be prompted for it when the
CLI is executed.
- pkcs-passphrase
pkcs-export-password
- Defines the password used at the creation of
the .pfx or .p13 certificate file.
- use-vrf
vrf-name
- Defines the VRF to use to reach the remote
certificate server.
Modes
Privileged EXEC mode
Usage Guidelines
Use this command to import a TLS server certificate and private key (in PKCS12 format) to an
SLX device (with no trust point) and establish a secure connection
Use the no form of the command to remove a certificate and
key.
Examples
This example specifies HTTPS authentication and SCP using a VRF named red.
device# crypto ca import-pkcs12 cert-type https protocol SCP host 10.70.12.102
user fvt directory /users/crypto file pkcs12cert.p12 password **********
pkcs-passphrase ******** use-vrf red
This example removes an HTTPS certificate and key.
device# no crypto ca import-pkcs type pkcs12 cert-type https
Example
This example specifies gNMI server authentication.
device# crypto ca import-pkcs type pkcs12 cert-type gNMI-server directory /root/gselvaraj/NH217/ file nh217.pfx protocol SCP host 10.24.12.107 user root password *** pkcs-passphrase ***
Example
This example removes gNMI server certificate and key.
device# no crypto ca import-pkcs type pkcs12 cert-type gNMI-server
