Cisco Systems 6500 manual Crypto key unlock rsa


Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

crypto key unlock rsa


To unlock the encrypted private key, use the crypto key unlock rsa command.

crypto key unlock rsa [name key-name] passphrase passphrase

Syntax Description

name key-name            (Optional) Name of the key.
passphrase passphrase    Pass phrase.

Defaults

This command has no default settings.

Command Modes

EXEC

Command History

Release                               Modification
SSL Services Module Release 3.1(1)    Support for this command was introduced on the Catalyst 6500 series SSL Services Module.

Examples

This example shows how to unlock the key “pki1-72a.cisco.com.” Enter the show crypto key mypubkey rsa command to verify that the key is protected (encrypted) and unlocked.

ssl-proxy#crypto key unlock rsa name pki1-72a.cisco.com passphrase cisco1234
...
*Jun 18 00:26:08.275: %STE-5-UPDOWN: ssl-proxy service vip1 changed state to UP
...
ssl-proxy#show crypto key mypubkey rsa
Key name:pki1-72a.cisco.com
Usage:General Purpose Key
*** The key is protected and UNLOCKED. ***
Key is exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D7808D C5FF14AC
...
% Key pair was generated at: 16:00:11 PST Feb 28 2002
ssl-proxy#
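
The verification step above reads the key state from the show crypto key mypubkey rsa output by eye; the same check can be scripted when auditing several keys. The Python below is an added example, not part of the Cisco manual: the second record in the sample is constructed (hypothetical key name), and its LOCKED and "not exportable" wording is an assumption modelled on the lines shown above.

```python
import re

# First record: the output printed in the example above (key data elided).
# Second record: constructed for illustration; the key name is hypothetical and
# the LOCKED / "not exportable" wording is an assumption, not taken from the page.
SAMPLE = """\
Key name:pki1-72a.cisco.com
Usage:General Purpose Key
*** The key is protected and UNLOCKED. ***
Key is exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D7808D C5FF14AC
% Key pair was generated at: 16:00:11 PST Feb 28 2002
Key name:example-locked-key
Usage:General Purpose Key
*** The key is protected and LOCKED. ***
Key is not exportable.
"""

STATE_RE = re.compile(r"\*\*\* The key is protected and (UNLOCKED|LOCKED)\. \*\*\*")

def parse_keys(text):
    """Return one dict per 'Key name:' record found in the CLI output."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Key name:"):
            keys.append({"name": line.split(":", 1)[1].strip(),
                         "protected": False, "locked": None, "exportable": None})
        elif keys:
            m = STATE_RE.search(line)
            if m:  # status line is only counted when it matches exactly
                keys[-1]["protected"] = True
                keys[-1]["locked"] = (m.group(1) == "LOCKED")
            elif line.startswith("Key is"):
                keys[-1]["exportable"] = "not exportable" not in line
    return keys

def findings(keys):
    """Flag keys worth a reviewer's attention; order follows the CLI output."""
    out = []
    for k in keys:
        if not k["protected"]:
            out.append((k["name"], "no protection status line seen"))
        elif not k["locked"] and k["exportable"]:
            out.append((k["name"], "unlocked and exportable"))
    return out

if __name__ == "__main__":
    print(findings(parse_keys(SAMPLE)))
```
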

Related Commands

crypto key decrypt rsa
crypto key encrypt rsa
crypto key lock rsa

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-22

OL-9105-01

 

 
