Public Key Infrastructure (PKI) Commands
Page 164 7450 ESS System Mangement Guide
→ PKCS #7 DER encoded
→ PEM
→ DER
Note that if there are multiple objects with same type in the input file, only first object will be
extracted and converted.
Default none
Parameters input url-string — Specifies the URL for the input file. This URL could be either a local CF card
URL file or a FP URL to download the input file.
output url-string — Specifies the name of output file up to 95 characters in length. The output
directory depends on the file type like following:
• Key: cf3:\system-pki\key
• Cert: cf3:\system-pki\cert
• CRL: cf3:\system-pki\CRL
Values url-string <local-url> - [99 chars max]
local-url <cflash-id>/<file-path>
cflash-id cf1:|cf2:|cf3:
type — The type of input file.
Values cert, key, crl
format — Specifies the format of input file.
Values pkcs12, pkcs7-der, pkcs7-pem, pem, der
password — Specifies the password to decrypt the input file in case that it is a encrypted PKCS#12
file.
reload
Syntax reload type {cert|key|cert-key-pair} filename [key-file filename]
Context admin>certificate
Description This command reloads imported certificate or key file or both at the same time. This command is typ-
ically used to update certificate/key file without shutting down ipsec-tunne/ipsec-gw/cert-profile/
ca-profile. Note that type cert and type key will be deprecated in a future release. Use type cert-
key-pair instead. Instead of type cert use type key instead.
• If the new file exists and valid, then for each tunnel using it:
→ If the key matches the certificate, then the new file will be downloaded to the MS-ISA
to be used the next time. Tunnels currently up are not affected.
→ If the key does not match the certificate:
→ If cert and key configuration is used instead of cert-profile then the tunnel will be
brought down.
To Next Page
Loading...
