1-16
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring Digital Certificates
  Configuring Digital Certificates
Importing a Trustpoint Configuration
To import a trustpoint configuration, enter the following command:
Examples
The following example manually imports PKCS12 data to the trustpoint Main with the passphrase 
Wh0zits:
hostname (config)# crypto ca import Main pkcs12 Wh0zits
Enter the base 64 encoded pkcs12.
End with a blank line or the word "quit" on a line by itself:
[ PKCS12 data omitted ]
quit
INFO: Import PKCS12 operation completed successfully
The following example manually imports a certificate for the trustpoint Main:
hostname (config)# crypto ca import Main certificate
% The fully-qualified domain name in the certificate will be: 
securityappliance.example.com
Enter the base 64 encoded certificate.
End with a blank line or the word “quit” on a line by itself
[ certificate data omitted ]
quit
INFO: Certificate successfully imported
Command Purpose
crypto ca import trustpoint pkcs12
Example:
hostname(config)# crypto ca import Main 
pkcs12
Imports keypairs and issued certificates that are associated with a 
trustpoint configuration. The ASA prompts you to paste the text into the 
terminal in base 64 format. The key pair imported with the trustpoint is 
assigned a label that matches the name of the trustpoint that you create.
Note If an ASA has trustpoints that share the same CA, you can use 
only one of the trustpoints that share the CA to validate user 
certificates. To control which trustpoint that shares a CA is used 
for validation of user certificates issued by that CA, use the 
support-user-cert-validation keyword.