Send documentation comments to mdsfeedback-doc@cisco.com
4-114
Cisco MDS 9000 Family Command Reference
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Chapter 4 C Commands
crypto ca import
crypto ca import
To import the identity certificate alone in PEM format or the identity certificate and associated RSA key
pair and CA certificate (or certificate chain) in Public-Key Cryptography Standards (PKCS) #12 form,
use the crypto ca import command in configuration mode.
crypto ca import trustpoint-label {certificate | pkcs12 source-file-url pkcs12-password}
Syntax Description
Defaults None.
Command Modes Configuration mode.
Command History
Usage Guidelines The first form of the command, crypto ca import trustpoint-label certificate, is used to import (by cut
and paste means) the identity certificate obtained from the CA, corresponding to the enrollment request
generated earlier in the trust point and submitted to the CA. The administrator is prompted to cut and
paste the certificate.
The second form of the command, crypto ca import trustpoint-label pkcs12 source-file-url
pkcs12-password, is used to import the complete identity information (that is, the identity certficate and
associated RSA key pair and CA certificate or certficate chain) into an empty trust point. This command
is useful for restoring the configuration after a system goes down.
Note The trust point configuration (created by the crypto ca trustpoint command) is persistent only if saved
explicitly using the copy running-config startup-config command. The certificates and CRL associated
to a trust point are automatically made persistent if the trust point in question was already saved in the
startup configuration. Conversely, if the trust point was not saved in the startup configuration, the
certificates and CRL associated to it are not made persistent automatically because they do not exist
without the corresponding trust point after the switch reboots.
To ensure the that the configured certificates, CRLs and key pairs are made persistent, always save the
running configuration to the startup configuration
trustpoint-label Specifies the name of the trust point. The maximum size is 64
characters.
pkcs12 source-file-url Specifies a source file in bootflash:filename format. The maximum size
is 512 characters.
pkcs12-password Specifies the password that was used to protect the RSA private key in
the imported PKCS#12 file. The maximum size is 64 characters.
Release Modification
3.0(1) This command was introduced.
To Next Page
Loading...
Need help?
General
