import(self-signed leaf certificate)
Syntax
import terminal self-signed [passwordDescription
Imports a self-signed leaf certificate including its matching private key.
Parameters
-
terminal -
Import the certificate by pasting PEM-format data at the console. Upon execution, the
config-cert-importcontext is entered for certificate pasting. To complete certificate data entry press Control-D in your terminal program. Alternatively, the pasted certificate data can include at its end the delimiterEND_OF_CERTIFICATE(after the-----END CERTIFICATE-----line), making entry of Control-D unnecessary. -
-
Specifies a certificate data file on a remote TFTP or SFTP server. The URL syntax is:
{tftp:// | sftp://@} { | } [: ] [; blocksize = ]/ -
-
Available on switch families that provide USB device file import capability, specifies a certificate data file on a USB storage device inserted in the switch USB port. The URL syntax is:
usb:/ -
password - Specifies the plaintext password used to decrypt the private key in the imported certificate data. When this parameter is omitted, the password is prompted for as required. Range: 1 to 32 alphanumeric characters.
-
vrf -
Specifies the name of the VRF to use for the remote URL file transfer. The default is
mgmt.
Command context
config-cert-
Authority
Administrators or local user group members with execution rights for this command.
Usage
This command cannot be used with the default certificate
local-cert.The PEM data format is supported for all import sources. The PKCS#12 data format is supported for
- The PEM data must be delimited with these lines for the certificate data:
And the PEM data must be delimited with either of these line pairs for the private key data:——开始证书 ----- ----- 在D CERTIFICATE----------BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- -----BEGIN ENCRYPTED PRIVATE KEY----- -----END ENCRYPTED PRIVATE KEY-----
Example
Importing a self-signed leaf certificate from the console:
switch(config)#crypto pki certificate ss-leaf-certswitch(config-cert-ss-leaf-cert)#import terminal self-signedPaste the certificate in PEM format below, then hit enter and ctrl-D: switch(config-cert-import)# -----BEGIN CERTIFICATE----- switch(config-cert-import)# MIID2TCCAsGgAwIBAgIJAKcrqokm6p9GMA0GCSqGSIb3DQEBCwUAM switch(config-cert-import)# tDCCA5ygAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgYgxCzABAYTAl switch(config-cert-import)# VQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBFJvc2UxDDAKB ... switch(config-cert-import)# +fWQLxhp+jKJGZGOZz/FENt2uSfZHzlXiu8n3g+EgqExenY1pBRJr switch(config-cert-import)# VuEEoNb/YfkPXHHva4Zfx223q+f694wlVsHkENSzqr2goHpa2fOzq switch(config-cert-import)# alewwdmVqCES+x8bvhf3C/6IB6ePkEsnMlHNTeM= switch(config-cert-import)# -----END CERTIFICATE----- switch(config-cert-import)# -----BEGIN ENCRYPTED PRIVATE KEY----- switch(config-cert-import)# MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIt8Ni3 switch(config-cert-import)# MBQGCCqGSIb3DQMHBAiBHrejkcdpdASCBMjVxrrYYPNt3V1abr9k8 switch(config-cert-import)# 5GE0U99awh9ys4360WR95xOFGThvjkTyRWG511nGwVeLZs/7TPXWI ... switch(config-cert-import)# hzc5ZT/w2F08icRI5mFbGoTAAw9IIWMOXGweaWQJDyKGrhg89GrnV switch(config-cert-import)# M2UuP/tYuuO328QcenKZEJmZKCbx78oFRR+pgma4oeMaFTIyXE6Pr switch(config-cert-import)# GAdCK8tkDiJ9DKbqdM5W0/nTJfqwUQlfl27dNrBAodsHdrw3UR99H switch(config-cert-import)# SPo= switch(config-cert-import)# -----END ENCRYPTED PRIVATE KEY----- switch(config-cert-import)# Enter import password:*******Leaf certificate is validated as self-signed certificate and imported successfully. switch(config-cert-ss-leaf-cert)#
Importing a leaf certificate from a remote file:
switch(config)#crypto pki certificate ss-leaf-cert2switch(config-cert-ss-leaf-cert2)#import tftp://1.1.1.2/ss2.p12 self-signed% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3230 100 3230 0 0 875k 0 --:--:-- --:--:-- --:--:-- 875k 100 3230 100 3230 0 0 831k 0 --:--:-- --:--:-- --:--:-- 831k Enter import password:*******Leaf certificate is validated as self-signed certificate and imported successfully. switch(config-cert-ss-leaf-cert2)#