D-Link DXS-3600 Series Reference Manual page 1086

DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
crypto pki import TRUSTPOINT pem tftp://IP-ADDRESS/[DIRECTORY/]FILE-NAME [password
PASSWORD-PHRASE] {ca | local | both}
Parameters
TRUSTPOINT
FILE-SYSTEM
DIRECTORY
FILE-NAME
password PASSWORD-
PHRASE
tftp
IP-ADDRESS
ca
local
both
Default
None.
Command Mode
Privileged EXEC Mode.
Command Default Level
Level: 12.
Usage Guideline
This command allows administrators to import certificates and key pairs in the PEM-formatted files.
Proper certificates and key pairs need to be imported to the switch according to the desired key exchange
algorithm. RSA and DSA certificates/key pairs should be imported for RSA and DHS-DSS respectively.
RSA and DSA certificates and keys are incompatible. An SSL client that has only an RSA certificate and
key cannot establish a connection with an SSL server that has only a DSA certificate and key.
The imported certificate(s) may form a certificate chain which establishes a sequence of trusted
certificates from a peer certificate to the root CA certificate. The trust point CA is the certificate authority
configured on the switch as the trusted CA. Any obtained peer certificate will be accepted if it is signed by
a locally trusted CA or its subordinates.
If the specified trust point doesn't exist, an error message will be prompted.
Example
This example shows how to import certificates (CA and local) and key pair files to trust-point "TP1" via
TFTP.
Switch# configure terminal
Switch(config)# crypto pki import TP1 pem tftp://10.1.1.2/name/msca password abcd1234
both
Specifies the name of the trust-point that is associated with the
imported certificates and key pairs.
Specifies the file system for certificates and key pairs. A colon (:) is
required after the specified file system.
(Optional) Specifies the directory name where the switch should import
the certificates and key pairs in the switch or TFTP server.
Specifies the name of the certificates and key pairs to be imported. By
default, the switch will append this name with .ca, .prv and .crt for CA
certificate, private key and certificate respectively.
(Optional) Specifies the encrypted password phrase that is used to
undo encryption when the private keys are imported. The password
phrase is a string of up to 64 characters. If the password phrase is not
specified, the NULL string will be used.
Specifies the source URL for a TFTP network server.
Specifies the IP address of the TFTP server.
Specifies to import the CA certificate only.
Specifies to import local certificate and key pairs only.
Specifies to import the CA certificate, local certificate and key pairs.
1086