Crypto pki import pem, Related Commands | Cisco Systems 6500

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

crypto pki export pem

You can change the default file extensions when prompted. The default file extensions are as follows:

•public key (.pub)

•private key (.prv)

•certificate (.crt)

•CA certificate (.ca)

•signature key (-sign)

•encryption key (-encr)

Note In SSL software release 1.2, only the private key (.prv), the server certificate (.crt), and the issuer CA certificate (.ca) of the server certificate are exported. To export the whole certificate chain, including all the CA certificates, use a PKCS12 file instead of PEM files.

Examples	This example shows how to export a PEM-formatted file on the SSL Services Module:
	ssl-proxy(config)#crypto ca export TP5 pem url tftp://10.1.1.1/tp99 3des password
	% Exporting CA certificate...
	Address or name of remote host [10.1.1.1]?
	Destination filename [tp99.ca]?
	% File 'tp99.ca' already exists.
	% Do you really want to overwrite it? [yes/no]: yes
	!Writing file to tftp://10.1.1.1/tp99.ca!
	% Key name: key1
	Usage: General Purpose Key
	% Exporting private key...
	Address or name of remote host [10.1.1.1]?
	Destination filename [tp99.prv]?
	% File 'tp99.prv' already exists.
	% Do you really want to overwrite it? [yes/no]: yes
	!Writing file to tftp://10.1.1.1/tp99.prv!
	% Exporting router certificate...
	Address or name of remote host [10.1.1.1]?
	Destination filename [tp99.crt]?
	% File 'tp99.crt' already exists.
	% Do you really want to overwrite it? [yes/no]: yes
	!Writing file to tftp://10.1.1.1/tp99.crt!
	ssl-proxy(config)#
	crypto pki import pem
Related Commands	crypto pki import pem

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-8	OL-9105-01

Image 34

Cisco Systems 6500 manual Crypto pki import pem, Related Commands

Contents

Corporate Headquarters Text Part Number OL-9105-01Page N T E N T S Iii Natpool Acronyms A-1 OL-9105-01 Related Documentation AudienceOrganization Chapter Title Description Boldface font ConventionsConvention Description Example, interface interface type Obtaining Documentation Cisco.com Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Submitting a Service Request Xii Obtaining Additional Publications and Information Xiii Xiv Getting Help This chapter includes the following sections How to Find Command Options Command Comment After you enter the mode keyword Must enter next on the command lineMode keyword Complete the command. If additional Configure terminal privileged Exec Understanding Command ModesCommand Mode Access Method Prompt Exit Method Configure terminal Image using the boot system flash filename Using the No and Default Forms of CommandsInterface command With an interface Using the CLI String Search Character Special Meaning AbcdABCD \$ \ \+Aeiou DA-D Ba?b Telebit 3107 v32bisCharacter This string matches any number of asterisks Abcd Za-z0-9+Codex telebit $\.12 1300$ 1300space space1300 1300, ,1300, 1300 ,1300 For example1300 With OL-9105-01 A P T E R Clear ssl-proxy conn DefaultsCommand Modes Command History Release Modification Clear ssl-proxy content Defaults Command Modes Command History Clear ssl-proxy session Usage Guidelines Clear ssl-proxy stats Ssl-proxy#clear ssl-proxy stats Des Crypto pki export pemTerminal 3des Related Commands Crypto pki import pem Exportable Defaults Command HistoryCrypto pki import pem Usage-keys Crypto pki export pem Crypto pki export pkcs12 This example shows how to export a PKCS12 file using SCP Crypto pki import pkcs12 Filename TP2? /users/admin-1/pkcs12/TP2.p12 This example shows how to import a PKCS12 file using SCPCrypto Passphrase passphrase Crypto key decrypt rsaName key-name Crypto key encrypt rsa Crypto key decrypt rsa Crypto key encrypt rsaCrypto key lock rsa Keylabel Name of the key Crypto key export rsa pemOptional Specifies that the key can be exported Key nametest-keys UsageGeneral Purpose Key Null-Imports from the null file system Crypto key import rsa pemInstead of one general-purpose key pair System-Imports from the system file system PEM-formatted RSA key to the SSL Services Module Name key-name Optional Name of the key Crypto key lock rsaCrypto key lock rsa name key-namepassphrase passphrase Passphrase passphrase Crypto key unlock rsa Crypto key unlock rsa name key-namepassphrase passphrase Debug ssl-proxy Command History Release Modification This example shows how to turn on App debugging Command EXEC-level command to be executed Do commandConfiguration mode Interface ssl-proxy Syntax Description Defaults Command Modes Command HistorySyntax Description Standby timers Standby authenticationStandby delay minimum reload Standby ip Ssl-proxy config# interface ssl-proxy Ssl-proxyconfig-subif#ip address 208.59.100.18 Natpool Context subcommand modeThis example shows how to define a pool of IP addresses Natpool nat-pool-name startipaddr endipaddr netmask netmask Interval seconds Syntax Description Defaults Command ModesPolicy health-probe tcp Failed-interval seconds Ssl-proxyconfig-context#policy health-probe tcp probe1 Open-timeout secondsSsl-proxyconfig#ssl-proxy context ssl Running on server IP addressPage Alias Policy http-headerClient-cert pem Policy that is applied to the payload Field To Insert Description Client-cert pem Inserts the custom-stringheader into the Http header Client-ip-portCustom custom-string Prefix Related Commands show ssl-proxy policy SSL-OFFLOAD-SOFTWARE VERSION3.11 Timeout session timeout absolute Close-protocol is disabledSession-caching is enabled Policy ssl SSL-Policy Configuration Submode Command Descriptions Help Renegotiation volume sizeTimeout handshake timeout Renegotiation interval time OL-9105-01 This example shows how to enable a session cache This example shows how to disable a session cache OL-9105-01 Policy tcp No timeout fin-wait timeout-in-seconds Delayed-ack-threshold delayDelayed-ack-timeout timer No timeout inactivity timeout-in-seconds No tos carryover No timeout reassembly timeForm of this command to return to the default setting Server to client connection, the server connection must be Ssl-proxy config-ctx-tcp-policy# mss Policy url-rewrite Ssl-proxyconfig-context#ssl-proxy policy url-rewrite test1 Redirectonly Pool ca ca-pool-name Pool caCa-pool-name Certificate authority pool name Service Inservice Authenticate verify all signature-onlyDefault certificate inservice nat server Certificate rsa general-purpose trustpoint Virtual policy tcp Virtual policy ssl ssl-policy-nameVlan vlan Related Commands show ssl-proxy service Service client Policy health-probe tcp Policy http-header Virtual policy tcp Nat server client natpool-nameVirtual policy ssl ssl-policy-name Vlan vlan Ssl-proxy config-ctx-ssl-proxy# server policy tcp tcppl1 Policy tcp Show interfaces ssl-proxyShow interfaces ssl-proxy 0.subinterface Show ionterfaces Show ssl-proxy buffers This command has no default settingsShow ssl-proxy buffers Ssl-proxy#show ssl-proxy buffers Specific proxy service Show ssl-proxy certificate-history service nameService name Show ssl-proxy certificate-history Ssl-proxy# show ssl-proxy certificate-history Record 1, Timestamp000051, 163634 UTC Oct 31 Related Commands service Local Show ssl-proxy conn4tuple Remote Context name Module module Ssl-proxy#show ssl-proxy conn 200.200.1438814 58796 Show ssl-proxy context name Context DefaultShow ssl-proxy context Name Optional Name of the context Brief Show ssl-proxy crash-infoShow ssl-proxy crash-info brief details Details Stack top Printing 1024 bytes from stack top Ssl-proxy#show ssl-proxy crash-info brief Show ssl-proxy mac address Show ssl-proxy mac addressSsl-proxy#show ssl-proxy mac address Context name Show ssl-proxy natpoolShow ssl-proxy natpool namecontext name Natpool Http-header Show ssl-proxy policyHealth-probe tcp Url-rewrite Ssl-proxy#show ssl-proxy policy ssl ssl-policy1 Ssl-proxy#show ssl-proxy policy tcp tcp-policy1 Ssl-proxy#show ssl-proxy policy health-probe tcp tcp-health Ssl-proxy#show ssl-proxy service Show ssl-proxy serviceShow ssl-proxy service namecontext name Ssl-proxy#show ssl-proxy service S6 Service client Show ssl-proxy stats ContentShow ssl-proxy stats type Stats This example shows how to display the TCP statistics This example shows how to display the PKI statistics Ssl-proxy#show ssl-proxy stats context Context name Default This example shows how to display context statisticsSsl-proxy# show ssl-proxy stats hdr This example shows how to display content statistics Ssl-proxy#show ssl-proxy stats content Show ssl-proxy status fdu ssl tcp Show ssl-proxy statusShow ssl-proxy status TCP cpu is alive Show ssl-proxy version Show ssl-proxy versionSsl-proxy#show ssl-proxy version Debug Show ssl-proxy vlanShow ssl-proxy vlan vlan-iddebugmodule module Optional Displays debug information Snmp-server enable Defaults Command Modes Command History Examples Ssl-proxy context name No ssl-proxy context name Command Purpose and Guidelines DefaultsSsl-proxy context Description description Policy url-rewrite policy-name Policy ssl policy-namePolicy tcp policy-name Pool ca name Ssl-proxy crypto selftest Seconds Global configurationThis example shows how to start a cryptographic self-test Time-interval Ssl-proxy config# ssl-proxy mac address 00e0.b0ff.f232 This example shows how to configure a MAC addressRelated Commands show ssl-proxy mac address Ssl-proxy mac address Ssl-proxy pki This example shows how to enable PKI event-history This example shows how to specify the cache sizeRelated Commands show ssl-proxy stats Ssl-proxy crypto key unlock rsa Key-name Name of the key Passphrase Pass phrase Ssl-proxy ip-frag-ttl Time is 6 seconds Global configurationSsl-proxyconfig#ssl-proxy ip-frag-ttl Ssl-proxy ip-frag-ttl time Ssl-proxy ssl ratelimit Ssl-proxy config# ssl-proxy ssl ratelimitSsl-proxy config# no ssl-proxy ssl ratelimit Ssl-proxy ssl ratelimit No ssl-proxy ssl ratelimit Standby authentication Group-number is String is cisco Standby delay minimum reload Min-delay is 1 second Reload-delay is 5 seconds Ssl-proxyconfig#interface ssl-proxy Show standby delaySsl-proxyconfig-subif#standby delay minimum 30 reload Secondary Defaults Command Modes Command History Usage GuidelinesStandby ip Group-number is Used by the hot standby group is learned using Hsrp 100 No standby group-numbermac-address Standby mac-addressStandby group-numbermac-addressmac-address Mac-address MAC address Show standby Ssl-proxyconfig-subif#standby 1 mac-addressThat is used in the end nodes 102 Standby mac-refresh seconds no standby mac-refresh Standby mac-refresh103 Standby name group-name No standby name group-name Hsrp is disabledStandby name Group-name Name of the standby group Standby preempt 105 Clients Operation returns to the default behaviorLeaves any synchronization delay if it was configured To become the active router No standby group-numberpriority priority Standby priorityStandby group-numberpriority priority Group-number is Priority is This example shows how to change the router priority 108 Standby redirects 109 Show standby redirect Related Commands show standbySsl-proxyconfig-subif#standby redirects timers 90 110 Optional Specifies the interval in milliseconds Standby timersMsec 111 112 Or comes back up Standby trackDecrement priority 113 Related Commands standby preempt Router a ConfigurationRouter B Configuration 114 Scope interface Standby use-biaStandby use-bia scope interface no standby use-bia On which it was entered, instead of the major interface Standby version 1 This example shows how to configure Hsrp versionStandby version Specifies Hsrp version Acronym Expansion CDP CbacCCA CEF Dscp DramDsap Dspu IDB ICDIcmp IDP Mdss MD5Mdix MFD Ospf OSIOSM PAE Rommon RmonROM RPC SVI STPSVC TACACS+ XNS Weighted round-robinWRR Xerox Network System OL-9105-01 Acknowledgments for Open-Source Software OL-9105-01 $ character # character privileged Exec mode promptAsterisk + plus sign Period ? command Caret IN-1 IN-2 IN-3 IN-4 TCP IN-5 Configuration submode User Exec mode, summary IN-6