Crypto Ca Import - Cisco AJ732A - MDS 9134 Fabric Switch Command Reference Manual

crypto ca import

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
crypto ca import
To import the identity certificate alone in PEM format or the identity certificate and associated RSA key
pair and CA certificate (or certificate chain) in Public-Key Cryptography Standards (PKCS) #12 form,
use the crypto ca import command in configuration mode.
Syntax Description trustpoint-label
pkcs12 source-file-url
pkcs12-password
Defaults
None.
Command Modes Configuration mode.
Command History Release
3.0(1)
Usage Guidelines
The first form of the command, crypto ca import trustpoint-label certificate, is used to import (by cut
and paste means) the identity certificate obtained from the CA, corresponding to the enrollment request
generated earlier in the trust point and submitted to the CA. The administrator is prompted to cut and
paste the certificate.
The second form of the command, crypto ca import trustpoint-label pkcs12 source-file-url
pkcs12-password, is used to import the complete identity information (that is, the identity certficate and
associated RSA key pair and CA certificate or certficate chain) into an empty trust point. This command
is useful for restoring the configuration after a system goes down.
The trust point configuration (created by the crypto ca trustpoint command) is persistent only if saved
Note
explicitly using the copy running-config startup-config command. The certificates and CRL associated
to a trust point are automatically made persistent if the trust point in question was already saved in the
startup configuration. Conversely, if the trust point was not saved in the startup configuration, the
certificates and CRL associated to it are not made persistent automatically because they do not exist
without the corresponding trust point after the switch reboots.
To ensure that the configured certificates, CRLs and key pairs are made persistent, always save the
running configuration to the startup configuration.
Cisco MDS 9000 Family Command Reference
4-132
crypto ca import trustpoint-label {certificate | pkcs12 source-file-url pkcs12-password}
Modification
This command was introduced.
Specifies the name of the trust point. The maximum size is 64
characters.
Specifies a source file in bootflash:filename format. The maximum size
is 512 characters.
Specifies the password that was used to protect the RSA private key in
the imported PKCS#12 file. The maximum size is 64 characters.
Chapter 4 C Commands
OL-18089-01, Cisco MDS NX-OS Release 4.x