Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

crypto key lock rsa


To lock the encrypted private key, use the crypto key lock rsa command.

crypto key lock rsa [name key-name] passphrase passphrase

Syntax Description

name key-name            (Optional) Name of the key.

passphrase passphrase    Pass phrase.

Defaults

This command has no default settings.

Command Modes

EXEC

Command History

Release                               Modification

SSL Services Module Release 3.1(1)    Support for this command was introduced on the Catalyst 6500 series switches.

Usage Guidelines

After the key is locked, it cannot be used to authenticate the router to a peer device. This behavior disables any IPsec or SSL connections that use the locked key.

Any existing IPsec tunnels created on the basis of the locked key will be closed.

If all RSA keys are locked, SSH will automatically be disabled.

Examples

This example shows how to lock the key “pki1-72a.cisco.com.” Enter the show crypto key mypubkey rsa command to verify that the key is protected (encrypted) and locked.

ssl-proxy# crypto key lock rsa name pki1-72a.cisco.com passphrase cisco1234
ssl-proxy# show crypto key mypubkey rsa
Key name:pki1-72a.cisco.com
Usage:General Purpose Key
*** The key is protected and LOCKED. ***
Key is exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D7808D C5FF14AC
...
% Key pair was generated at: 16:00:11 PST Feb 28 2002
ssl-proxy#
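The following Python example is added here and is not part of the Cisco reference. It parses captured show crypto key mypubkey rsa output and reports which keys are locked and whether every key is locked, the condition under which the usage guidelines say SSH is disabled. The second key name, the UNLOCKED status line, the "Key is not exportable." line, and treating a record with no status line as unprotected are assumptions.

```python
import re

# Constructed sample: the first record follows the page's example; the second
# record (key name, UNLOCKED status, "not exportable") is assumed.
SAMPLE = """\
Key name:pki1-72a.cisco.com
Usage:General Purpose Key
*** The key is protected and LOCKED. ***
Key is exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00D7808D C5FF14AC
% Key pair was generated at: 16:00:11 PST Feb 28 2002
Key name:example-key2.example.com
Usage:General Purpose Key
*** The key is protected and UNLOCKED. ***
Key is not exportable.
"""

STATUS = re.compile(r"\*\*\* The key is protected and (LOCKED|UNLOCKED)\. \*\*\*")

def parse_keys(text):
    """Return one dict per key record: name, state, exportable."""
    keys = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Key name:"):
            # Assumption: a record without a status line is not passphrase-protected.
            keys.append({"name": line.split(":", 1)[1].strip(),
                         "state": "unprotected", "exportable": None})
        elif not keys:
            continue  # ignore prompt or banner lines before the first record
        elif (m := STATUS.search(line)):
            keys[-1]["state"] = m.group(1).lower()
        elif line == "Key is exportable.":
            keys[-1]["exportable"] = True
        elif line == "Key is not exportable.":
            keys[-1]["exportable"] = False
    return keys

def audit(keys):
    """Summarize lock state; all keys locked means SSH is disabled (usage guidelines)."""
    locked = [k["name"] for k in keys if k["state"] == "locked"]
    return {"locked": locked,
            "usable": [k["name"] for k in keys if k["state"] != "locked"],
            "exportable": [k["name"] for k in keys if k["exportable"]],
            "ssh_disabled": bool(keys) and len(locked) == len(keys)}

if __name__ == "__main__":
    print(audit(parse_keys(SAMPLE)))
```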

Related Commands

crypto key decrypt rsa
crypto key encrypt rsa
crypto key unlock rsa

Catalyst 6500 Series Switch SSL Services Module Command Reference

 

OL-9105-01
