41-16
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter41 Configuring Digital Certificates
Configuring Digital Certificates
Importing a Trustpoint Configuration
To import a trustpoint configuration, enter the following command:
Examples
The following example manually imports PKCS12 data to the trustpoint Main with the passphrase
Wh0zits:
hostname (config)# crypto ca import Main pkcs12 Wh0zits
Enter the base 64 encoded pkcs12.
End with a blank line or the word "quit" on a line by itself:
[ PKCS12 data omitted ]
quit
INFO: Import PKCS12 operation completed successfully
The following example manually imports a certificate for the trustpoint Main:
hostname (config)# crypto ca import Main certificate
% The fully-qualified domain name in the certificate will be:
securityappliance.example.com
Enter the base 64 encoded certificate.
End with a blank line or the word “quit” on a line by itself
[ certificate data omitted ]
quit
INFO: Certificate successfully imported
Command Purpose
crypto ca import trustpoint pkcs12
Example:
hostname(config)# crypto ca import Main
pkcs12
Imports keypairs and issued certificates that are associated with a
trustpoint configuration. The ASA prompts you to paste the text into the
terminal in base 64 format. The key pair imported with the trustpoint is
assigned a label that matches the name of the trustpoint that you create.
Note If an ASA has trustpoints that share the same CA, you can use
only one of the trustpoints that share the CA to validate user
certificates. To control which trustpoint that shares a CA is used
for validation of user certificates issued by that CA, use the
support-user-cert-validation keyword.