Usage Guidelines Examples | Cisco Systems 6500 specification

Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

crypto pki import pem

Usage Guidelines

Examples

You will receive an error if you enter the pass phrase incorrectly.The pass phrase can be any phrase including spaces and punctuation except for the question mark (?), which has special meaning to the Cisco IOS parser.

Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported. When this key is imported, you must enter the same pass phrase to decrypt it.

When importing RSA keys, you can use a public key or its corresponding certificate.

The crypto ca import pem command imports only the private key (.prv), the server certificate (.crt), and the issuer CA certificate (.ca). If you have more than one level of CA in the certificate chain, you need to import the root and subordinate CA certificates before this command is used for authentication. Use the cut-and-paste feature or TFTP to import the root and subordinate CA certificates.

This example shows how to import a PEM-formatted file from the WebVPN Services Module:

wwbvpn(config)# crypto pki import TP5 pem url tftp://10.1.1.1/TP5 password

% Importing CA certificate...

Address or name of remote host [10.1.1.1]? Destination filename [TP5.ca]?

Reading file from tftp://10.1.1.1/TP5.ca

Loading TP5.ca from 10.1.1.1 (via Ethernet0/0.168): ! [OK - 1976 bytes]

%Importing private key PEM file...

Address or name of remote host [10.1.1.1]? Destination filename [TP5.prv]?

Reading file from tftp://10.1.1.1/TP5.prv

Loading TP5.prv from 10.1.1.1 (via Ethernet0/0.168): ! [OK - 963 bytes]

%Importing certificate PEM file...

Address or name of remote host [10.1.1.1]? Destination filename [TP5.crt]?

Reading file from tftp://10.1.1.1/TP5.crt

Loading TP5.crt from 10.1.1.1 (via Ethernet0/0.168): ! [OK - 1692 bytes]

%PEM files import succeeded. wwbvpn(config)# end webvpn#

*Apr 11 15:11:29.901: %SYS-5-CONFIG_I: Configured from console by console

Related Commands crypto pki export pem

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1

2-22	OL-7310-01

Image 22

Cisco Systems 6500 manual Usage Guidelines Examples, Related Commands crypto pki export pem

Contents

Commands for the Catalyst 6500 Series Switch WebVPN Module Clear webvpn nbns DefaultsCommand Modes Command History Release Modification Clear webvpn platform Webvpn# clear webvpn platform User name Clear webvpn sessionClears the statistics for a specific context Specifies the user name Mangle Clear webvpn statsCifs Port-forward Url url Crypto key export rsa pemTerminal 3des Key nametest-keys UsageGeneral Purpose Key Usage-keys Crypto key generateGeneral-keys Exportable This example shows how to generate general-purpose RSA keys This example shows how to generate special-usage RSA keysCrypto key generate rsa usage-keys Crypto key import rsa pem Release Modification PEM-formatted RSA key to the WebVPN Services Module Crypto pki authenticate Crypto pki authenticate trustpoint-label Defaults Command Modes Command History Usage Guidelines Crypto pki certificate Crypto pki crl request Wwbvpnconfig# crypto pki crl requestCrypto pki crl request name Crypto pki enroll This example shows how to request a certificateWebvpnconfig# crypto pki enroll PROXY1 Crypto pki enroll trustpoint-label Crypto pki export pem Related Commands crypto pki import pem Crypto pki export pkcs12 Include the full path in the pkcs12filename value This example shows how to export a PKCS12 file using SCPWwbvpnconfig# crypto ca export TP1 pkcs12 scp sky is blue PKCS12 file Crypto pki import pem Related Commands crypto pki export pem Usage Guidelines Examples Crypto pki import pkcs12 This example shows how to import a PKCS12 file using SCP Users/admin-1/pkcs12/TP2.p12 Crypto pki profile enrollment Webvpnconfig# crypto pki profile enrollment testCrypto pki profile enrollment label Crypto pki trustpoint Command Purpose and Guidelines Defaults Period minutes count count url url Enrollment http-proxymode ra retryPeriod minutes-1 Count count-10 Match certificate mapname map override Certificate map mapname commandPassword password Skip Usage ike ssl-client ssl-server Subject-name lineVrf vrf Debug webvpn Event app next-hop tcp-Event debugging Trace module module- FDU trace Cert- Certificate management Ca-pool- CA PoolEvents- Events This example shows how to turn on tunnel debugging Usage Guidelines Nbns-list Nbns-list name no nbns-list name Nbns-server ipaddr Master timeoutExit Banner value string Policy groupFilter tunnel ip-acl Hide-url-bar Functions file-accessTimeout idle Nbns-list name Webvpnconfig# webvpn context cisco Webvpnconfig-webvpn-group#svc address-pool ciscotunlpool Port-forward Default local-portSpecifies the default local port valid values are from 1 to Port-forward listname no port-forward listname Related Commands url-list Webvpn context Show webvpn context name Show webvpn contextWebvpn# show web context tunnel Algorithm Show webvpn dispatchShow webvpn dispatch algorithm member stats Member Sslvpn CLB Member Table Show webvpn gateway name Webvpn# show webvpn gateway s1 Admin Status upShow webvpn gateway Webvpn# show webvpn gateway Csd Show webvpn installFile Status Webvpn# show web install file \webvpn\stc\version.txt All Show webvpn nbnsShow webvpn nbns context name all Show web nbns context all Show webvpn-platform buffers module module Show webvpn platform buffersShow webvpn-platform buffers module all Show webvpn platform context name module module Show webvpn platform contextWebvpn# show webvpn platform context tunnel OL-7310-01 Brief Show webvpn platform crash-infoShow webvpn platform crash-info brief details Details Nvram Version This Core Didnt Crash Debug Show webvpn platform gatewayShow webvpn platform gateway name debug module module Module module Vlan ID Show webvpn platform mac address This command has no default settingsShow webvpn platform mac address Module Ssl Show webvpn platform policyShow webvpn platform policy ssl tcp name Tcp Show webvpn platform version Show webvpn platform versionWebvpn# show webvpn platform version Show webvpn platform vlan vlan-id Show webvpn platform vlanWebvpn# show webvpn platform vlan Group name Related Commands webvpn policy sslShow webvpn policy Context name Tcp User name Show webvpn sessionContext name Webvpn# show webvpn session context c1 Show webvpn stats type Show webvpn statsWebvpn# show webvpn stats Mangling statistics Relative urls 15705 Absolute urls 41850 DPD Page TCP VCs Active VCs Aborted Conns Webvpn# show web stats context tunnel DPD Snmp-server enable This example shows how to enable traps This example shows how to enable Snmp informsThis example shows how to enable authentication traps Svc Command Modes WebVPN group context submodeCommand History Release Modification Dns-server primary secondary Command Purpose and Guidelines Default Rekey time interval Rekey method new-tunnel sslNo rekey method No rekey time Heading text Url-listUrl-list listname no url-list listname Url-text text url-value url/exchage Related Commands webvpn context Default-group-policy default-policy-name Aaa authentication domain domain-listSpecifies AAA configuration parameters for context Webvpn context No login-message InserviceLogin-message string Password-prompt prompt Policy group policy-name Ssl authenticate verify all noneAuthenticate verify -Specifies the SSL Policy ssl policy-name Vrf-name vrf-name Url-list listnameColor Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Webvpnconfig-webvpn-context# url-list cisco 100 Webvpn gateway No policy tcp SecondaryNo policy ssl Webvpnconfig-webvpn-gateway#ip address 172.21.65.71 port Webvpnconfig# webvpn gateway commonContext and enter the gateway submode Webvpn policy ssl Timeout session timeout absolute No session-cache enableTimeout handshake timeout Help Wwbvpnconfig# webvpn policy ssl sslpl1 This example shows how to enable session-cacheThis example shows how to disable session-cache Wwbvpnconfig-ssl-policy#cipher RSAWITH3DESEDECBCSHA Related Commands show webvpn stats This example shows how to print out a helpWwbvpnconfig-ssl-policy#timeout session 30000 absolute Default Exit Timeout syn is 75 secondsTimeout reassembly is 60 seconds Tos carryover is disabled Webvpn policy tcp No timeout fin-wait timeout-in-seconds Delayed-ack-thresholdDelay-ack-timeout No timeout inactivity timeout-in-seconds No tos carryover No timeout reassembly timeForm of this command to return to the default setting Server to client connection, the server connection must be 111 112