Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems 6500 crypto key export rsa pem, 2-17, Syntax Description, Release, Modification

Models: 6500

1 160

Download 160 pages 24.26 Kb

Page 43

crypto key export rsa pem

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

crypto key export rsa pem

crypto key export rsa pem

To export a PEM-formatted RSA key to the SSL Services Module, use the crypto key export rsa pem command.

crypto key export rsa keylabel pem {terminal url url} {{3des des} [exportable] pass_phrase}

Syntax Description	keylabel	Name of the key.
	terminal	Displays the request on the terminal.

	url url	Specifies the URL location. Valid values are as follows:
		• ftp:—Exports to the FTP: file system
		• null:—Exports to the null: file system
		• nvram:—Exports to the NVRAM: file system
		• rcp:—Exports to the RCP: file system
		• scp:—Exports to the SCP: file system
		• system:—Exports to the system: file system
		• tftp:—Exports to the TFTP: file system

	3des	Specifies the 168-bit DES (3DES) encryption algorithm.

	des	Specifies the 56-bit DES-CBC encryption algorithm.

	exportable	(Optional) Specifies that the key can be exported.

	pass_phrase	Pass phrase.

Defaults

Command Modes

Command History

This command has no default settings.

Global configuration

Release	Modification
SSL Services Module	Support for this command was introduced on the Catalyst 6500 series
Release 1.2(1)	switches.

Usage Guidelines The pass phrase can be any phrase including spaces and punctuation except for the question mark (?), which has a special meaning to the Cisco IOS parser.

Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported. When this key is imported, you must enter the same pass phrase to decrypt it.

Catalyst 6500 Series Switch SSL Services Module Command Reference

	OL-9105-01	2-17

Image 43

Cisco Systems 6500 crypto key export rsa pem, 2-17, Syntax Description, Defaults Command Modes Command History, Release

Contents

Cisco Systems, Inc 170 West Tasman Drive San Jose, CA Corporate HeadquartersCatalyst 6500 Series Switch SSL Services Module Command Reference ReleaseTHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS C O N T E N T S How to Find Command OptionsDefinitions of Service Request Severity Command-Line Interfacenatpool Commands for the Catalyst 6500 Series Switch SSL Services Moduleservice service clientshow ssl-proxy vlan snmp-server enablessl-proxy pki Acronyms A-1Catalyst 6500 Series Switch SSL Services Module Command Reference ContentsOL-9105-01 Preface Command-Line InterfaceCommands for the Catalyst Series Switch SSL Servicesexample, interface interface type ConventionsConvention boldface fontCisco.com Obtaining DocumentationProduct Documentation DVD Cisco Product Security Overview Documentation FeedbackOrdering Documentation Emergencies - security-alert@cisco.com Reporting Security Problems in Cisco ProductsObtaining Technical Assistance Cisco Technical Support & Documentation WebsiteDefinitions of Service Request Severity Submitting a Service Requestxiii Obtaining Additional Publications and InformationPreface Obtaining Additional Publications and Information Catalyst 6500 Series Switch SSL Services Module Command ReferenceOL-9105-01 Using the No and Default Forms of Commands, page Command-Line InterfaceGetting Help, page How to Find Command Options, page Understanding Command Modes, pageCommand How to Find Command OptionsPurpose Comment CommandTable 1-2 How to Find Command Options ssl-proxyconfig-if# channel-group 1 mode auto CommandTable 1-2 How to Find Command Options continued ssl-proxyconfig-if# channel-group 1 mode auto ?configure terminal Understanding Command ModesAccess Method configure terminal privileged EXECwith an interface Using the No and Default Forms of Commandsinterface command image using the boot system flash filenameCharacter Using the CLI String SearchRegular Expressions Single-Character Patternsa-dA-D \$ \ \+aeiou abcdABCDba?b Multiple-Character PatternsMultipliers telebit 3107 v32biscodex telebit AlternationAnchoring A-Za-z0-9+a.bc.\1\2 Parentheses for Recall1300 1300$ 1300space space1300 1300, ,1300, 1300 ,1300OL-9105-01 1-12Chapter 1 Command-Line Interface Using the CLI String Search Catalyst 6500 Series Switch SSL Services Module Command ReferenceC H A P T E R Commands for the Catalyst 6500 Series Switch SSL Services Moduleclear ssl-proxy conn service nameDefaults Command Modes Command HistoryThis example shows how to clear all of the content statistics clear ssl-proxy contentclear ssl-proxy content all rewrite scanning module module Defaults Command Modes Command HistoryDefaults clear ssl-proxy sessionUsage Guidelines service namessl tcp url service nameCommand Modes clear ssl-proxy statscontext name Command History Usage Guidelines ExamplesRelease ModificationRelease Defaultscrypto pki export pem Command Modes Command Historycrypto pki import pem ExamplesRelease Defaults Command History Command Historycrypto pki import pem Syntax Descriptioncrypto pki export pem 2-10151129.901 %SYS-5-CONFIGI Configured from console by console ExamplesRelease crypto pki export pkcs122-11 Defaults Command Modes Command Historyssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is blue 2-12Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceCommand Modes Command History crypto pki import pkcs122-13 DefaultsCatalyst 6500 Series Switch SSL Services Module Command Reference 2-14Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module filename TP2? /users/admin-1/pkcs12/TP2.p122-15 crypto key decrypt rsacrypto key decrypt write rsa name key-name passphrase passphrase passphrase passphraseDefaults crypto key encrypt rsacrypto key encrypt write rsa name key-name passphrase passphrase 2-16Syntax Description crypto key export rsa pem2-17 Defaults Command Modes Command HistoryCatalyst 6500 Series Switch SSL Services Module Command Reference This example shows how to export a key from the SSL Services Module2-18 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleSyntax Description crypto key import rsa pem2-19 Defaults Command Modes Command HistoryCatalyst 6500 Series Switch SSL Services Module Command Reference 2-20Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxyconfig# crypto key import rsa newkeys pem url scp passwordDefaults Command Modes Command History crypto key lock rsacrypto key lock rsa name key-name passphrase passphrase 2-21Defaults Command Modes Command History crypto key unlock rsacrypto key unlock rsa name key-name passphrase passphrase 2-22fdu type content typedebug ssl-proxy pki type ssl type tcp type vlanRelease Command History2-24 content type2-25 This example shows how to turn on App debuggingExamples Usage Guidelines Command ModesRelease ModificationSyntax Syntax Description Defaults Command Modes Command Historydefault interface ssl-proxypriority priority redirects enable standby group-number authenticationtext string delay minimum min-delay group-name preempt delayminimumRelated Commands show interfaces ssl-proxy show ssl-proxy vlan 2-29Examples Defaults natpoolshow ssl-proxy natpool 2-30failed-interval is 60 seconds Syntax Description Defaults Command Modespolicy health-probe tcp policy health-probe tcp policy-nameDescription 2-32open-timeout seconds SyntaxRelated Commands show ssl-proxy policy show ssl-proxy service 2-33Field To Insert policy http-headerclient-cert pem aliasClientCert-Subject-CN 2-35Field To Insert DescriptionSyntax Field to insert2-36 Description2-37 client-ip-portprefix sessionRelated Commands show ssl-proxy policy 2-38Defaults timeout session timeout absolutepolicy ssl 2-39the ssl-proxy policy ssl command entered in global subcommand mode SSL Services ModuleThis command was changed to add the following subcommands The policy ssl command entered in context subcommand mode replacesrenegotiation interval time renegotiation volume sizetimeout handshake timeout helpall-export-All export ciphers all-strong-All strong ciphers default 2-42This example shows how to enter the SSL-policy configuration submode 2-43Examples policy ssl 2-44Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceCommand Modes policy tcp2-45 Defaultsno timeout inactivity timeout-in-seconds delayed-ack-threshold delaydelayed-ack-timeout timer no timeout fin-wait timeout-in-secondsSyntax no timeout reassembly timeno tos carryover 2-47This example shows how to define the maximum size for the TCP segment 2-48Command Modes policy url-rewrite2-49 DefaultsEnter the no form of the command to remove the policy 2-50Examples default pool ca2-51 Defaults Command Modes Command HistoryDefaults serviceservice client command 2-52certificate rsa general-purpose trustpoint authenticate verify all signature-onlydefault certificate inservice nat server inservicevirtual policy ssl ssl-policy-name 2-54Syntax DescriptionRelated Commands show ssl-proxy service 2-55Syntax Description Defaults Command Modes service clientpolicy health-probe tcp policy http-header 2-56vlan vlan nat server client natpool-namevirtual policy ssl ssl-policy-name virtual policy tcpRelated Commands show ssl-proxy service 2-58Examples Defaults show interfaces ssl-proxyshow interfaces ssl-proxy 0.subinterface 2-592-60 This command has no default settingsshow ssl-proxy buffers show ssl-proxy buffersDefaults Command Modes Command History show ssl-proxy certificate-history service nameshow ssl-proxy certificate-history 2-61Examples 2-62Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceCatalyst 6500 Series Switch SSL Services Module Command Reference Related Commands service2-63 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module4tuple show ssl-proxy conn service name context name module moduleshow ssl-proxy conn show ssl-proxy conn module modulecontext name 2-65Release Modificationssl-proxy# show ssl-proxy conn service iis1 2-66Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceDefaults show ssl-proxy contextshow ssl-proxy context name 2-67details show ssl-proxy crash-infoshow ssl-proxy crash-info brief details briefshow ssl-proxy crash-info 2-69Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceSyntax Description Defaults Command Modes Command History show ssl-proxy mac addressshow ssl-proxy mac address 2-70Defaults Command Modes Command History show ssl-proxy natpoolshow ssl-proxy natpool namecontext name 2-71http-header show ssl-proxy policyurl-rewrite name health-probe tcpDelayed ACK timer 2-73Reassembly timeout Disabledpolicy tcp policy url-rewrite 2-74ssl-proxy# show ssl-proxy policy health-probe tcp tcp-health Defaults Command Modes Command History show ssl-proxy serviceshow ssl-proxy service namecontext name 2-75show ssl-proxy service 2-76Related Commands service Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module2-77 contentshow ssl-proxy stats show ssl-proxy stats typeExamples 2-78Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencessl-proxy# show ssl-proxy stats pki PKI Memory Usage Counters 2-79Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy statsCatalyst 6500 Series Switch SSL Services Module Command Reference 2-80Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxy# show ssl-proxy stats context Context name DefaultCatalyst 6500 Series Switch SSL Services Module Command Reference 2-81Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxy# show ssl-proxy stats contentOptional Displays the FDU status show ssl-proxy statusshow ssl-proxy status fdu ssl tcp Syntax Descriptionshow ssl-proxy status 2-83Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceSyntax Description Defaults Command Modes Command History show ssl-proxy versionshow ssl-proxy version 2-842-85 Related Commandsshow ssl-proxy vlan show ssl-proxy vlan vlan-iddebugmodule moduletraps snmp-server enableDefaults Command Modes Command History Examples informsdescription description ssl-proxy contextssl-proxy context name no ssl-proxy context name Purpose and GuidelinesDefaults Purpose and Guidelines2-88 Commandtime-interval ssl-proxy crypto selftestssl-proxy crypto selftest time-interval seconds no ssl-proxy crypto selftest2-90 This example shows how to configure a MAC addressssl-proxy mac address ssl-proxy mac address mac-addrtimeout minutes no ssl-proxy pki authenticate cache certificate historyauthenticate timeout secondsRelated Commands show ssl-proxy stats 2-92Examples Defaults Command Modes Command History ssl-proxy crypto key unlock rsassl-proxy crypto key unlock rsa key-name passphrase passphrase 2-93Syntax Description Defaults Command Modes ssl-proxy ip-frag-ttlssl-proxy ip-frag-ttl time 2-94Defaults ssl-proxy ssl ratelimitssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit 2-952-96 standby authenticationstandby group-number authentication text string no standby group-number authentication text string2-97 standby delay minimum reloadstandby delay minimum min-delay reload reload-delay no standby delay minimum min-delay reload reload-delayChapter 2 Commands for the Catalyst 6500 Series SSL Services Module show standby delay2-98 Related CommandsSyntax Description Defaults Command Modes Command History Usage Guidelinesstandby ip 2-99used by the hot standby group is learned using HSRP 2-100Examples 2-101 standby mac-addressno standby group-number mac-address APPN2-102 show standbyExamples Defaults Command Modes Command History standby mac-refreshstandby mac-refresh seconds no standby mac-refresh 2-1032-104 This example shows how to specifiy the standby name as SanJoseHAstandby name standby name group-name no standby name group-nameCommand Modes Command History standby preempt2-105 Defaultsssl-proxy config-subif# standby preempt delay minimum 2-106Examples Defaults Command Modes Command History standby priorityno standby group-number priority priority 2-107Catalyst 6500 Series Switch SSL Services Module Command Reference 2-108Related Commands Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulestandby redirects enabledisable timers2-110 This example shows how to allow HSRP to filter ICMP redirect messagesRelated Commands show standby show standby redirectCommand Modes Command History standby timers2-111 DefaultsExamples 2-112timers 5 standby timers msec 300 msecSyntax Description standby track2-113 Defaults Command Modes Command History2-114 Router A ConfigurationRouter B Configuration Related Commands standby preempt2-115 standby use-biastandby use-bia scope interface no standby use-bia scope interfaceSpecifies HSRP version This example shows how to configure HSRP versionstandby version standby version 1Expansion AcronymsA P P E N D I X A AcronymExpansion AcronymTable A-1 List of Acronyms continued Expansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymTable A-1 List of Acronyms continued Catalyst 6500 Series Switch SSL Services Module Command ReferenceAcronym ExpansionOL-9105-01 A-10Catalyst 6500 Series Switch SSL Services Module Command Reference Appendix A AcronymsA P P E N D I X B Acknowledgments for Open-Source SoftwareAppendix B Acronyms Catalyst 6500 Series Switch SSL Services Module Command ReferenceOL-9105-01 IN-1 SymbolsNumerics I N D EIN-2 configuring IN-3secondary interface IN-4 IN-5 OL-9105-01 IN-6Catalyst 6500 Series Switch SSL Services Module Command Reference Index