Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems 6500 crypto key lock rsa name key-name passphrase passphrase, 2-21, Release

Models: 6500

1 160

Download 160 pages 24.26 Kb

Page 47

crypto key lock rsa

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

crypto key lock rsa

crypto key lock rsa

To lock the encrypted private key, use the crypto key lock rsa command.

crypto key lock rsa [name key-name]passphrase passphrase

Syntax Description	name key-name	(Optional) Name of the key.
	passphrase passphrase	Pass phrase.

Defaults

Command Modes

Command History

This command has no default settings.

EXEC

Release	Modification
SSL Services Module	Support for this command was introduced on the Catalyst 6500 series
Release 3.1(1)	switches.

Usage Guidelines After the key is locked, it cannot be used to authenticate the router to a peer device. This behavior disables any IPsec or SSL connections that use the locked key.

Any existing IPsec tunnels created on the basis of the locked key will be closed.

If all RSA keys are locked, SSH will automatically be disabled.

Examples	This example shows how to lock the key “pki1-72a.cisco.com.” Enter the show crypto key mypubkey
	rsa command to verify that the key is protected (encrypted) and locked.
	ssl-proxy#	crypto key lock rsa name pki1-72a.cisco.com passphrase cisco1234
	ssl-proxy#	show crypto key mypubkey rsa
	Key name:pki1-72a.cisco.com
	Usage:General Purpose Key
	* The key is protected and LOCKED. *
	Key is exportable.
	Key Data:
	305C300D	06092A86	4886F70D	01010105	00034B00	30480241	00D7808D C5FF14AC
	...
	% Key pair	was generated at: 16:00:11 PST Feb 28 2002

ssl-proxy#

Related Commands crypto key decrypt rsa crypto key encrypt rsa crypto key unlock rsa

Catalyst 6500 Series Switch SSL Services Module Command Reference

	OL-9105-01	2-21

Image 47

Cisco Systems 6500 manual crypto key lock rsa name key-name passphrase passphrase, 2-21, Syntax Description, Release

Contents

Cisco Systems, Inc 170 West Tasman Drive San Jose, CA Corporate HeadquartersCatalyst 6500 Series Switch SSL Services Module Command Reference ReleaseTHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS C O N T E N T S How to Find Command OptionsDefinitions of Service Request Severity Command-Line Interfacenatpool Commands for the Catalyst 6500 Series Switch SSL Services Moduleservice service clientshow ssl-proxy vlan snmp-server enablessl-proxy pki Acronyms A-1OL-9105-01 ContentsCatalyst 6500 Series Switch SSL Services Module Command Reference Preface Command-Line InterfaceCommands for the Catalyst Series Switch SSL Servicesexample, interface interface type ConventionsConvention boldface fontProduct Documentation DVD Obtaining DocumentationCisco.com Ordering Documentation Documentation FeedbackCisco Product Security Overview Emergencies - security-alert@cisco.com Reporting Security Problems in Cisco ProductsObtaining Technical Assistance Cisco Technical Support & Documentation WebsiteDefinitions of Service Request Severity Submitting a Service Requestxiii Obtaining Additional Publications and InformationOL-9105-01 Catalyst 6500 Series Switch SSL Services Module Command ReferencePreface Obtaining Additional Publications and Information Using the No and Default Forms of Commands, page Command-Line InterfaceGetting Help, page How to Find Command Options, page Understanding Command Modes, pagePurpose How to Find Command OptionsCommand Table 1-2 How to Find Command Options CommandComment ssl-proxyconfig-if# channel-group 1 mode auto CommandTable 1-2 How to Find Command Options continued ssl-proxyconfig-if# channel-group 1 mode auto ?configure terminal Understanding Command ModesAccess Method configure terminal privileged EXECwith an interface Using the No and Default Forms of Commandsinterface command image using the boot system flash filenameCharacter Using the CLI String SearchRegular Expressions Single-Character Patternsa-dA-D \$ \ \+aeiou abcdABCDba?b Multiple-Character PatternsMultipliers telebit 3107 v32biscodex telebit AlternationAnchoring A-Za-z0-9+a.bc.\1\2 Parentheses for Recall1300 1300$ 1300space space1300 1300, ,1300, 1300 ,1300OL-9105-01 1-12Chapter 1 Command-Line Interface Using the CLI String Search Catalyst 6500 Series Switch SSL Services Module Command ReferenceC H A P T E R Commands for the Catalyst 6500 Series Switch SSL Services Moduleclear ssl-proxy conn service nameDefaults Command Modes Command HistoryThis example shows how to clear all of the content statistics clear ssl-proxy contentclear ssl-proxy content all rewrite scanning module module Defaults Command Modes Command HistoryDefaults clear ssl-proxy sessionUsage Guidelines service namessl tcp url service nameCommand Modes clear ssl-proxy statscontext name Command History Usage Guidelines ExamplesRelease ModificationRelease Defaultscrypto pki export pem Command Modes Command Historycrypto pki import pem ExamplesRelease Defaults Command History Command Historycrypto pki import pem Syntax Descriptioncrypto pki export pem 2-10151129.901 %SYS-5-CONFIGI Configured from console by console ExamplesRelease crypto pki export pkcs122-11 Defaults Command Modes Command Historyssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is blue 2-12Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceCommand Modes Command History crypto pki import pkcs122-13 DefaultsCatalyst 6500 Series Switch SSL Services Module Command Reference 2-14Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module filename TP2? /users/admin-1/pkcs12/TP2.p122-15 crypto key decrypt rsacrypto key decrypt write rsa name key-name passphrase passphrase passphrase passphraseDefaults crypto key encrypt rsacrypto key encrypt write rsa name key-name passphrase passphrase 2-16Syntax Description crypto key export rsa pem2-17 Defaults Command Modes Command HistoryCatalyst 6500 Series Switch SSL Services Module Command Reference This example shows how to export a key from the SSL Services Module2-18 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleSyntax Description crypto key import rsa pem2-19 Defaults Command Modes Command HistoryCatalyst 6500 Series Switch SSL Services Module Command Reference 2-20Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxyconfig# crypto key import rsa newkeys pem url scp passwordDefaults Command Modes Command History crypto key lock rsacrypto key lock rsa name key-name passphrase passphrase 2-21Defaults Command Modes Command History crypto key unlock rsacrypto key unlock rsa name key-name passphrase passphrase 2-22fdu type content typedebug ssl-proxy pki type ssl type tcp type vlanRelease Command History2-24 content typeExamples This example shows how to turn on App debugging2-25 Usage Guidelines Command ModesRelease ModificationSyntax Syntax Description Defaults Command Modes Command Historydefault interface ssl-proxypriority priority redirects enable standby group-number authenticationtext string delay minimum min-delay group-name preempt delayminimumExamples 2-29Related Commands show interfaces ssl-proxy show ssl-proxy vlan Defaults natpoolshow ssl-proxy natpool 2-30failed-interval is 60 seconds Syntax Description Defaults Command Modespolicy health-probe tcp policy health-probe tcp policy-nameDescription 2-32open-timeout seconds SyntaxRelated Commands show ssl-proxy policy show ssl-proxy service 2-33Field To Insert policy http-headerclient-cert pem aliasClientCert-Subject-CN 2-35Field To Insert DescriptionSyntax Field to insert2-36 Description2-37 client-ip-portprefix sessionRelated Commands show ssl-proxy policy 2-38Defaults timeout session timeout absolutepolicy ssl 2-39the ssl-proxy policy ssl command entered in global subcommand mode SSL Services ModuleThis command was changed to add the following subcommands The policy ssl command entered in context subcommand mode replacesrenegotiation interval time renegotiation volume sizetimeout handshake timeout helpall-export-All export ciphers all-strong-All strong ciphers default 2-42Examples 2-43This example shows how to enter the SSL-policy configuration submode policy ssl 2-44Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceCommand Modes policy tcp2-45 Defaultsno timeout inactivity timeout-in-seconds delayed-ack-threshold delaydelayed-ack-timeout timer no timeout fin-wait timeout-in-secondsSyntax no timeout reassembly timeno tos carryover 2-47This example shows how to define the maximum size for the TCP segment 2-48Command Modes policy url-rewrite2-49 DefaultsExamples 2-50Enter the no form of the command to remove the policy default pool ca2-51 Defaults Command Modes Command HistoryDefaults serviceservice client command 2-52certificate rsa general-purpose trustpoint authenticate verify all signature-onlydefault certificate inservice nat server inservicevirtual policy ssl ssl-policy-name 2-54Syntax DescriptionRelated Commands show ssl-proxy service 2-55Syntax Description Defaults Command Modes service clientpolicy health-probe tcp policy http-header 2-56vlan vlan nat server client natpool-namevirtual policy ssl ssl-policy-name virtual policy tcpExamples 2-58Related Commands show ssl-proxy service Defaults show interfaces ssl-proxyshow interfaces ssl-proxy 0.subinterface 2-592-60 This command has no default settingsshow ssl-proxy buffers show ssl-proxy buffersDefaults Command Modes Command History show ssl-proxy certificate-history service nameshow ssl-proxy certificate-history 2-61Examples 2-62Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceCatalyst 6500 Series Switch SSL Services Module Command Reference Related Commands service2-63 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module4tuple show ssl-proxy conn service name context name module moduleshow ssl-proxy conn show ssl-proxy conn module modulecontext name 2-65Release Modificationssl-proxy# show ssl-proxy conn service iis1 2-66Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceDefaults show ssl-proxy contextshow ssl-proxy context name 2-67details show ssl-proxy crash-infoshow ssl-proxy crash-info brief details briefshow ssl-proxy crash-info 2-69Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceSyntax Description Defaults Command Modes Command History show ssl-proxy mac addressshow ssl-proxy mac address 2-70Defaults Command Modes Command History show ssl-proxy natpoolshow ssl-proxy natpool namecontext name 2-71http-header show ssl-proxy policyurl-rewrite name health-probe tcpDelayed ACK timer 2-73Reassembly timeout Disabledssl-proxy# show ssl-proxy policy health-probe tcp tcp-health 2-74policy tcp policy url-rewrite Defaults Command Modes Command History show ssl-proxy serviceshow ssl-proxy service namecontext name 2-75show ssl-proxy service 2-76Related Commands service Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module2-77 contentshow ssl-proxy stats show ssl-proxy stats typeExamples 2-78Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencessl-proxy# show ssl-proxy stats pki PKI Memory Usage Counters 2-79Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy statsCatalyst 6500 Series Switch SSL Services Module Command Reference 2-80Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxy# show ssl-proxy stats context Context name DefaultCatalyst 6500 Series Switch SSL Services Module Command Reference 2-81Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxy# show ssl-proxy stats contentOptional Displays the FDU status show ssl-proxy statusshow ssl-proxy status fdu ssl tcp Syntax Descriptionshow ssl-proxy status 2-83Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceSyntax Description Defaults Command Modes Command History show ssl-proxy versionshow ssl-proxy version 2-842-85 Related Commandsshow ssl-proxy vlan show ssl-proxy vlan vlan-iddebugmodule moduletraps snmp-server enableDefaults Command Modes Command History Examples informsdescription description ssl-proxy contextssl-proxy context name no ssl-proxy context name Purpose and GuidelinesDefaults Purpose and Guidelines2-88 Commandtime-interval ssl-proxy crypto selftestssl-proxy crypto selftest time-interval seconds no ssl-proxy crypto selftest2-90 This example shows how to configure a MAC addressssl-proxy mac address ssl-proxy mac address mac-addrtimeout minutes no ssl-proxy pki authenticate cache certificate historyauthenticate timeout secondsExamples 2-92Related Commands show ssl-proxy stats Defaults Command Modes Command History ssl-proxy crypto key unlock rsassl-proxy crypto key unlock rsa key-name passphrase passphrase 2-93Syntax Description Defaults Command Modes ssl-proxy ip-frag-ttlssl-proxy ip-frag-ttl time 2-94Defaults ssl-proxy ssl ratelimitssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit 2-952-96 standby authenticationstandby group-number authentication text string no standby group-number authentication text string2-97 standby delay minimum reloadstandby delay minimum min-delay reload reload-delay no standby delay minimum min-delay reload reload-delayChapter 2 Commands for the Catalyst 6500 Series SSL Services Module show standby delay2-98 Related CommandsSyntax Description Defaults Command Modes Command History Usage Guidelinesstandby ip 2-99Examples 2-100used by the hot standby group is learned using HSRP 2-101 standby mac-addressno standby group-number mac-address APPNExamples show standby2-102 Defaults Command Modes Command History standby mac-refreshstandby mac-refresh seconds no standby mac-refresh 2-1032-104 This example shows how to specifiy the standby name as SanJoseHAstandby name standby name group-name no standby name group-nameCommand Modes Command History standby preempt2-105 DefaultsExamples 2-106ssl-proxy config-subif# standby preempt delay minimum Defaults Command Modes Command History standby priorityno standby group-number priority priority 2-107Catalyst 6500 Series Switch SSL Services Module Command Reference 2-108Related Commands Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulestandby redirects enabledisable timers2-110 This example shows how to allow HSRP to filter ICMP redirect messagesRelated Commands show standby show standby redirectCommand Modes Command History standby timers2-111 DefaultsExamples 2-112timers 5 standby timers msec 300 msecSyntax Description standby track2-113 Defaults Command Modes Command History2-114 Router A ConfigurationRouter B Configuration Related Commands standby preempt2-115 standby use-biastandby use-bia scope interface no standby use-bia scope interfaceSpecifies HSRP version This example shows how to configure HSRP versionstandby version standby version 1Expansion AcronymsA P P E N D I X A AcronymTable A-1 List of Acronyms continued AcronymExpansion Expansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymTable A-1 List of Acronyms continued Catalyst 6500 Series Switch SSL Services Module Command ReferenceAcronym ExpansionOL-9105-01 A-10Catalyst 6500 Series Switch SSL Services Module Command Reference Appendix A AcronymsA P P E N D I X B Acknowledgments for Open-Source SoftwareOL-9105-01 Catalyst 6500 Series Switch SSL Services Module Command ReferenceAppendix B Acronyms IN-1 SymbolsNumerics I N D EIN-2 secondary interface IN-3configuring IN-4 IN-5 OL-9105-01 IN-6Catalyst 6500 Series Switch SSL Services Module Command Reference Index