2-21
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
crypto key lock rsa
crypto key lock rsa
To lock the encrypted private key, use the crypto key lock rsa command.
crypto key lock rsa [name key-name] passphrase passphrase
Syntax Description
Defaults This command has no default settings.
Command Modes EXEC
Command History
Usage Guidelines After the key is locked, it cannot be used to authenticate the router to a peer device. This behavior
disables any IPsec or SSL connections that use the locked key.
Any existing IPsec tunnels created on the basis of the locked key will be closed.
If all RSA keys are locked, SSH will automatically be disabled.
Examples This example shows how to lock the key “pki1-72a.cisco.com.” Enter the show crypto key mypubkey
rsa command to verify that the key is protected (encrypted) and locked.
ssl-proxy# crypto key lock rsa name pki1-72a.cisco.com passphrase cisco1234
ssl-proxy# show crypto key mypubkey rsa
Key name:pki1-72a.cisco.com
Usage:General Purpose Key
*** The key is protected and LOCKED. ***
Key is exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D7808D C5FF14AC
...
% Key pair was generated at: 16:00:11 PST Feb 28 2002
ssl-proxy#
Related Commands crypto key decrypt rsa
crypto key encrypt rsa
crypto key unlock rsa
name key-name (Optional) Name of the key.
passphrase passphrase Pass phrase.
Release Modification
SSL Services Module
Release 3.1(1)
Support for this command was introduced on the Catalyst 6500 series
switches.
To Next Page
Loading...
Need help?
General