crypto import

Imports the Identity Certificate for security configuration.

Syntax

crypto import { ldapca | radiusca | syslogca | ssh-x509v3ca | gnmiclientca | oauth2pkicert } directory dir-name file file-name host host-address protocol {FTP | SCP } source-ip source-ip user user-name password password

no crypto import { ldapca |radiusca | syslogca | ssh-x509v3ca | gnmiclientca | oauth2pkicert }

Parameters

ldapca |radiusca | syslogca | ssh-x509v3ca | oauth2pkicert | gnmiclientca: Defines the type of certificate to import. Select from ldapca, radiusca, syslogca, ssh-x509v3ca, gnmiclientca or oauth2pkicert.
directory dir-name: Defines the remote directory where the certificate file resides.
file file-name: Defines the name of the certification file.
host host-address: Defines the host name or IP address of the remote certificate server.
protocol {FTP | SCP}: Specifies the use of either FTP or SCP protocol for accessing the certificate file.
source-ip source-ip: (SCP only) Specifies the source IP address to use in the header.
user user-name: Defines user name for the remote certificate server.
password password: Defines the password for the user name for the remote certificate server.
Note
When the password is not provided in the CLI command, the user will be prompted for it when the CLI is executed.

Note
gNMI Client CA is needed for mutual TLS communication. For server based authentication, gNMI Client CA is optional.

Modes

Privileged EXEC mode

Usage Guidelines

Use the no form of the command to remove the Identity Certificate.

The OAuth2 PKI certificate validates the signature in the OAuth2 token.

Examples

This example imports a RADIUS certificate over SCP.

device# crypto import radiusca t1 certificate protocol SCP host 10.10.10.10 
user fvt directory /users/crypto file cacert.pem password ****

This example imports an SSH-x509v3 certificate over SCP.

device# crypto import ssh-x509v3ca protocol SCP host 10.10.10.10 
directory /root/certs file cacert.pem user root password ****

This example imports an Oauth2 PKI certificate over SCP.

device# crypto import oauth2pkicert directory <path-to-pki-file> file 
oauthcert.pem host 10.10.10.10 protocol SCP user <remote-user> password ****

This example deletes an Oauth2 PKI certificate.

device# no crypto import oauth2pkicert

Example

This example imports a gNMI client CA certificate over SCP.

device# crypto import gnmiclientca directory  /home/kokila/ocsp_cert_116/certs/ file ca.cert.pem host 10.23.20.116 protocol SCP user kokila password ***

Example

This example deletes gNMI client CA certificate.

device# no crypto import gnmiclientca