Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

crypto key lock rsa

To lock the encrypted private key, use the crypto key lock rsa command.

crypto key lock rsa [name key-name] passphrase passphrase

Syntax Description

name key-name            (Optional) Name of the key to lock.
passphrase passphrase    Passphrase that was used to encrypt the key.

Defaults

This command has no default settings.

Command Modes

EXEC

Command History

Release                               Modification
SSL Services Module Release 3.1(1)    Support for this command was introduced on the Catalyst 6500 series switches.

Usage Guidelines

The key must already be encrypted (see crypto key encrypt rsa) before it can be locked. After the key is locked, it cannot be used to authenticate the router to a peer device; any IPsec or SSL connection that relies on the locked key is therefore disabled.

Any existing IPsec tunnels that were established with the locked key are closed.

If all RSA keys are locked, SSH is automatically disabled.

The passphrase is entered in clear text on the EXEC command line, so it can be exposed by session logging or command accounting; treat it like any other secret typed at the prompt.

Examples

This example shows how to lock the key "pki1-72a.cisco.com". Enter the show crypto key mypubkey rsa command to verify that the key is protected (encrypted) and locked.

    ssl-proxy# crypto key lock rsa name pki1-72a.cisco.com passphrase cisco1234
    ssl-proxy# show crypto key mypubkey rsa
    % Key pair was generated at: 16:00:11 PST Feb 28 2002
    Key name: pki1-72a.cisco.com
    Usage: General Purpose Key
    *** The key is protected and LOCKED. ***
    Key is exportable.
    Key Data:
      305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D7808D C5FF14AC
      ...
    ssl-proxy#
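Verifying one key by eye is fine; on a module with several key pairs it is easier to parse the show output and check every key at once. The following is an added example, not code from Cisco or from this command reference: it parses the show crypto key mypubkey rsa output in the format shown above, records for each key whether the private key is protected (encrypted), locked and exportable, and walks the DER SubjectPublicKeyInfo headers in the Key Data block to recover the modulus size even from the truncated dump. The sample output is constructed: the first entry is the key from the page's example, the second a hypothetical unencrypted 2048-bit key named ssl-proxy.example.com. The "UNLOCKED" and "Key is not exportable" wordings, the 2048-bit minimum and the finding texts are assumptions, not strings taken from this page.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format documented on this page: the page's own key
# (Key Data truncated as printed there), then a hypothetical unencrypted 2048-bit key.
SAMPLE_SHOW_OUTPUT = """\
% Key pair was generated at: 16:00:11 PST Feb 28 2002
Key name: pki1-72a.cisco.com
Usage: General Purpose Key
*** The key is protected and LOCKED. ***
Key is exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D7808D C5FF14AC
...
Key name: ssl-proxy.example.com
Usage: General Purpose Key
Key is exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00C4A1B2 9E3F0D51 ...
"""

RSA_ENCRYPTION_OID = bytes.fromhex("06092A864886F70D010101")  # 1.2.840.113549.1.1.1
HEX_WORD = re.compile(r"^[0-9A-F]{2,8}$")
MIN_MODULUS_BITS = 2048  # assumed local policy threshold, not a value from the page


@dataclass
class RsaKeyEntry:
    name: str
    protected: bool = False  # private key stored encrypted (crypto key encrypt rsa)
    locked: bool = False     # encrypted and currently locked (crypto key lock rsa)
    exportable: bool = False
    key_data_hex: str = ""   # public key DER as hex, possibly truncated

def parse_mypubkey_rsa(text):
    # One RsaKeyEntry per "Key name:" block of the show output.
    keys = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Key name:"):
            keys.append(RsaKeyEntry(name=line.split(":", 1)[1].strip()))
        elif keys and "protected" in line:  # "*** The key is protected and LOCKED. ***"
            keys[-1].protected = True
            keys[-1].locked = "LOCKED" in line and "UNLOCKED" not in line
        elif keys and line.startswith("Key is exportable"):
            keys[-1].exportable = True
        elif keys:  # Key Data lines: keep hex words, stop at "..." or any other text
            for word in line.split():
                if not HEX_WORD.match(word):
                    break
                keys[-1].key_data_hex += word
    return keys

def _tlv(buf, pos, want_tag):
    # Read a DER tag and length at pos; return (content_length, content_offset).
    if buf[pos] != want_tag:
        raise ValueError(f"expected DER tag {want_tag:#04x} at offset {pos}")
    first = buf[pos + 1]
    if first < 0x80:  # short-form length
        return first, pos + 2
    n = first & 0x7F  # long form: n length bytes follow
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def rsa_modulus_bits(key_data_hex):
    """Modulus bits from the SubjectPublicKeyInfo headers alone (truncated dump suffices)."""
    buf = bytes.fromhex(key_data_hex)
    _, pos = _tlv(buf, 0, 0x30)          # SubjectPublicKeyInfo SEQUENCE
    alg_len, pos = _tlv(buf, pos, 0x30)  # AlgorithmIdentifier SEQUENCE
    if buf[pos:pos + len(RSA_ENCRYPTION_OID)] != RSA_ENCRYPTION_OID:
        raise ValueError("algorithm is not rsaEncryption")
    pos += alg_len
    _, pos = _tlv(buf, pos, 0x03)        # BIT STRING wrapping RSAPublicKey
    pos += 1                             # skip the unused-bits byte
    _, pos = _tlv(buf, pos, 0x30)        # RSAPublicKey SEQUENCE
    mod_len, pos = _tlv(buf, pos, 0x02)  # INTEGER modulus
    first = buf[pos]
    if first == 0x00:                    # sign-padding byte of a positive integer
        mod_len, first = mod_len - 1, buf[pos + 1]
    return (mod_len - 1) * 8 + first.bit_length()

def audit_keys(keys):
    """Map key name -> findings; an empty list means the key passes."""
    report = {}
    for key in keys:
        findings = []
        if not key.protected:
            findings.append("private key stored in the clear (run crypto key encrypt rsa)")
        elif not key.locked:
            findings.append("private key encrypted but unlocked (run crypto key lock rsa)")
        if key.exportable:
            findings.append("key is exportable")
        try:
            bits = rsa_modulus_bits(key.key_data_hex)
            if bits < MIN_MODULUS_BITS:
                findings.append(f"{bits}-bit modulus is below {MIN_MODULUS_BITS} bits")
        except (ValueError, IndexError):  # dump cut off before the modulus, or not RSA
            findings.append("could not determine modulus size from Key Data")
        report[key.name] = findings
    return report
```

Run audit_keys(parse_mypubkey_rsa(SAMPLE_SHOW_OUTPUT)) and the locked key still draws two findings: it is exportable, and its Key Data header (INTEGER length 0x41 with a leading zero byte, so a 64-byte modulus) shows a 512-bit RSA key. Locking protects the private key at rest on the module; it does nothing about key size or exportability, which the audit has to check separately.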

Related Commands

crypto key decrypt rsa
crypto key encrypt rsa
crypto key unlock rsa

Catalyst 6500 Series Switch SSL Services Module Command Reference, OL-9105-01, page 2-21
