Crypto pki import pem, Exportable, Usage-keys | Cisco Systems 6500

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

crypto pki import pem

crypto pki import pem

To import a PEM-formatted file to the SSL Services Module, use the crypto pki import pem command.

crypto pki import trustpoint_label pem [exportable] {terminal url url usage-keys}pass_phrase

Syntax Description	trustpoint-label	Name of the trustpoint.
	exportable	(Optional) Specifies the key that can be exported.

	terminal	Displays the request on the terminal.

	url url	Specifies the URL location. Valid values are as follows:
		• ftp:—Exports to the FTP: file system
		• null:—Exports to the null: file system
		• nvram:—Exports to the NVRAM: file system
		• rcp:—Exports to the RCP: file system
		• scp:—Exports to the SCP: file system
		• system:—Exports to the system: file system
		• tftp:—Exports to the TFTP: file system

	pass_phrase	Pass phrase.

	usage-keys	Specifies that two special-usage key pairs should be generated, instead of
		one general-purpose key pair.

Defaults

Command History

Command History

This command has no default settings.

Global configuration

Release	Modification
SSL Services Module	Support for this command was introduced on the Catalyst 6500 series
Release 1.2(1)	switches.

SSL Services Module	The syntax for this command changed from crypto ca to crypto pki.
Release 3.1(1)

Usage Guidelines You will receive an error if you enter the pass phrase incorrectly. The pass_phrase can be any phrase including spaces and punctuation except for the question mark (?), which has a special meaning to the Cisco IOS parser.

Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported. When this key is imported, you must enter the same pass phrase to decrypt it.

When importing RSA keys, you can use a public key or its corresponding certificate.

Catalyst 6500 Series Switch SSL Services Module Command Reference

	OL-9105-01	2-9

Image 35

Cisco Systems 6500 manual Crypto pki import pem, Exportable, Usage-keys, Defaults Command History

Contents

Text Part Number OL-9105-01 Corporate HeadquartersPage Iii N T E N T S Natpool Acronyms A-1 OL-9105-01 Chapter Title Description AudienceOrganization Related Documentation Example, interface interface type ConventionsConvention Description Boldface font Cisco.com Obtaining Documentation Cisco Product Security Overview Documentation Feedback Obtaining Technical Assistance Reporting Security Problems in Cisco Products Xii Submitting a Service Request Xiii Obtaining Additional Publications and Information Xiv This chapter includes the following sections Getting Help How to Find Command Options Command Comment Complete the command. If additional Must enter next on the command lineMode keyword After you enter the mode keyword Configure terminal Understanding Command ModesCommand Mode Access Method Prompt Exit Method Configure terminal privileged Exec With an interface Using the No and Default Forms of CommandsInterface command Image using the boot system flash filename Character Special Meaning Using the CLI String Search DA-D \$ \ \+Aeiou AbcdABCD This string matches any number of asterisks Telebit 3107 v32bisCharacter Ba?b $\.12 Za-z0-9+Codex telebit Abcd With For example1300 1300$ 1300space space1300 1300, ,1300, 1300 ,1300 OL-9105-01 A P T E R Release Modification DefaultsCommand Modes Command History Clear ssl-proxy conn Defaults Command Modes Command History Clear ssl-proxy content Usage Guidelines Clear ssl-proxy session Clear ssl-proxy stats Ssl-proxy#clear ssl-proxy stats 3des Crypto pki export pemTerminal Des Crypto pki import pem Related Commands Usage-keys Defaults Command HistoryCrypto pki import pem Exportable Crypto pki export pem Crypto pki export pkcs12 This example shows how to export a PKCS12 file using SCP Crypto pki import pkcs12 Crypto This example shows how to import a PKCS12 file using SCPFilename TP2? /users/admin-1/pkcs12/TP2.p12 Crypto key encrypt rsa Crypto key decrypt rsaName key-name Passphrase passphrase Crypto key lock rsa Crypto key encrypt rsaCrypto key decrypt rsa Optional Specifies that the key can be exported Crypto key export rsa pemKeylabel Name of the key Key nametest-keys UsageGeneral Purpose Key System-Imports from the system file system Crypto key import rsa pemInstead of one general-purpose key pair Null-Imports from the null file system PEM-formatted RSA key to the SSL Services Module Passphrase passphrase Crypto key lock rsaCrypto key lock rsa name key-namepassphrase passphrase Name key-name Optional Name of the key Crypto key unlock rsa name key-namepassphrase passphrase Crypto key unlock rsa Debug ssl-proxy Command History Release Modification This example shows how to turn on App debugging Configuration mode Do commandCommand EXEC-level command to be executed Syntax Description Syntax Description Defaults Command Modes Command HistoryInterface ssl-proxy Standby ip Standby authenticationStandby delay minimum reload Standby timers Ssl-proxyconfig-subif#ip address 208.59.100.18 Ssl-proxy config# interface ssl-proxy Natpool nat-pool-name startipaddr endipaddr netmask netmask Context subcommand modeThis example shows how to define a pool of IP addresses Natpool Failed-interval seconds Syntax Description Defaults Command ModesPolicy health-probe tcp Interval seconds Running on server IP address Open-timeout secondsSsl-proxyconfig#ssl-proxy context ssl Ssl-proxyconfig-context#policy health-probe tcp probe1Page Policy that is applied to the payload Policy http-headerClient-cert pem Alias Field To Insert Description Client-cert pem Prefix Client-ip-portCustom custom-string Inserts the custom-stringheader into the Http header SSL-OFFLOAD-SOFTWARE VERSION3.11 Related Commands show ssl-proxy policy Policy ssl Close-protocol is disabledSession-caching is enabled Timeout session timeout absolute SSL-Policy Configuration Submode Command Descriptions Renegotiation interval time Renegotiation volume sizeTimeout handshake timeout Help OL-9105-01 This example shows how to disable a session cache This example shows how to enable a session cache OL-9105-01 Policy tcp No timeout inactivity timeout-in-seconds Delayed-ack-threshold delayDelayed-ack-timeout timer No timeout fin-wait timeout-in-seconds Server to client connection, the server connection must be No timeout reassembly timeForm of this command to return to the default setting No tos carryover Ssl-proxy config-ctx-tcp-policy# mss Policy url-rewrite Redirectonly Ssl-proxyconfig-context#ssl-proxy policy url-rewrite test1 Ca-pool-name Certificate authority pool name Pool caPool ca ca-pool-name Service Certificate rsa general-purpose trustpoint Authenticate verify all signature-onlyDefault certificate inservice nat server Inservice Vlan vlan Virtual policy ssl ssl-policy-nameVirtual policy tcp Related Commands show ssl-proxy service Policy health-probe tcp Policy http-header Service client Vlan vlan Nat server client natpool-nameVirtual policy ssl ssl-policy-name Virtual policy tcp Ssl-proxy config-ctx-ssl-proxy# server policy tcp tcppl1 Show ionterfaces Show interfaces ssl-proxyShow interfaces ssl-proxy 0.subinterface Policy tcp Ssl-proxy#show ssl-proxy buffers This command has no default settingsShow ssl-proxy buffers Show ssl-proxy buffers Show ssl-proxy certificate-history Show ssl-proxy certificate-history service nameService name Specific proxy service Record 1, Timestamp000051, 163634 UTC Oct 31 Ssl-proxy# show ssl-proxy certificate-history Related Commands service Remote Show ssl-proxy conn4tuple Local Ssl-proxy#show ssl-proxy conn Context name Module module 200.200.1438814 58796 Name Optional Name of the context Context DefaultShow ssl-proxy context Show ssl-proxy context name Details Show ssl-proxy crash-infoShow ssl-proxy crash-info brief details Brief Ssl-proxy#show ssl-proxy crash-info brief Stack top Printing 1024 bytes from stack top Ssl-proxy#show ssl-proxy mac address Show ssl-proxy mac addressShow ssl-proxy mac address Natpool Show ssl-proxy natpoolShow ssl-proxy natpool namecontext name Context name Url-rewrite Show ssl-proxy policyHealth-probe tcp Http-header Ssl-proxy#show ssl-proxy policy tcp tcp-policy1 Ssl-proxy#show ssl-proxy policy ssl ssl-policy1 Ssl-proxy#show ssl-proxy policy health-probe tcp tcp-health Ssl-proxy#show ssl-proxy service S6 Show ssl-proxy serviceShow ssl-proxy service namecontext name Ssl-proxy#show ssl-proxy service Service client Show ssl-proxy stats type ContentShow ssl-proxy stats Stats This example shows how to display the PKI statistics This example shows how to display the TCP statistics Ssl-proxy# show ssl-proxy stats hdr This example shows how to display context statisticsSsl-proxy#show ssl-proxy stats context Context name Default Ssl-proxy#show ssl-proxy stats content This example shows how to display content statistics Show ssl-proxy status Show ssl-proxy statusShow ssl-proxy status fdu ssl tcp TCP cpu is alive Ssl-proxy#show ssl-proxy version Show ssl-proxy versionShow ssl-proxy version Optional Displays debug information Show ssl-proxy vlanShow ssl-proxy vlan vlan-iddebugmodule module Debug Defaults Command Modes Command History Examples Snmp-server enable Description description Command Purpose and Guidelines DefaultsSsl-proxy context Ssl-proxy context name No ssl-proxy context name Pool ca name Policy ssl policy-namePolicy tcp policy-name Policy url-rewrite policy-name Time-interval Seconds Global configurationThis example shows how to start a cryptographic self-test Ssl-proxy crypto selftest Ssl-proxy mac address This example shows how to configure a MAC addressRelated Commands show ssl-proxy mac address Ssl-proxy config# ssl-proxy mac address 00e0.b0ff.f232 Ssl-proxy pki Related Commands show ssl-proxy stats This example shows how to specify the cache sizeThis example shows how to enable PKI event-history Key-name Name of the key Passphrase Pass phrase Ssl-proxy crypto key unlock rsa Ssl-proxy ip-frag-ttl time Time is 6 seconds Global configurationSsl-proxyconfig#ssl-proxy ip-frag-ttl Ssl-proxy ip-frag-ttl Ssl-proxy ssl ratelimit No ssl-proxy ssl ratelimit Ssl-proxy config# ssl-proxy ssl ratelimitSsl-proxy config# no ssl-proxy ssl ratelimit Ssl-proxy ssl ratelimit Group-number is String is cisco Standby authentication Min-delay is 1 second Reload-delay is 5 seconds Standby delay minimum reload Ssl-proxyconfig-subif#standby delay minimum 30 reload Show standby delaySsl-proxyconfig#interface ssl-proxy Group-number is Defaults Command Modes Command History Usage GuidelinesStandby ip Secondary 100 Used by the hot standby group is learned using Hsrp Mac-address MAC address Standby mac-addressStandby group-numbermac-addressmac-address No standby group-numbermac-address 102 Ssl-proxyconfig-subif#standby 1 mac-addressThat is used in the end nodes Show standby 103 Standby mac-refreshStandby mac-refresh seconds no standby mac-refresh Group-name Name of the standby group Hsrp is disabledStandby name Standby name group-name No standby name group-name 105 Standby preempt To become the active router Operation returns to the default behaviorLeaves any synchronization delay if it was configured Clients Group-number is Priority is Standby priorityStandby group-numberpriority priority No standby group-numberpriority priority 108 This example shows how to change the router priority 109 Standby redirects 110 Related Commands show standbySsl-proxyconfig-subif#standby redirects timers 90 Show standby redirect 111 Standby timersMsec Optional Specifies the interval in milliseconds 112 113 Standby trackDecrement priority Or comes back up 114 Router a ConfigurationRouter B Configuration Related Commands standby preempt On which it was entered, instead of the major interface Standby use-biaStandby use-bia scope interface no standby use-bia Scope interface Specifies Hsrp version This example shows how to configure Hsrp versionStandby version Standby version 1 Acronym Expansion CEF CbacCCA CDP Dspu DramDsap Dscp IDP ICDIcmp IDB MFD MD5Mdix Mdss PAE OSIOSM Ospf RPC RmonROM Rommon TACACS+ STPSVC SVI Xerox Network System Weighted round-robinWRR XNS OL-9105-01 Acknowledgments for Open-Source Software OL-9105-01 IN-1 # character privileged Exec mode promptAsterisk + plus sign Period ? command Caret $ character IN-2 IN-3 IN-4 IN-5 TCP IN-6 Configuration submode User Exec mode, summary