Software Authentication Manager Commands on Cisco IOS XR Software

sam add certificate

To add a new certificate to the certificate table, use the sam add certificate command in EXEC mode.

sam add certificate filepath location {trust | untrust}

Syntax Description

filepath
    Absolute path to the source location of the certificate.

location
    Storage site of the certificate. Use one of the following: root, mem, disk0, disk1, or other flash device on router.

trust
    Adds the certificate to the certificate table without validation by the Software Authentication Manager (SAM). To add a root certificate, you must use the trust keyword. Adding a root certificate with the untrust keyword is not allowed.

untrust
    Adds the certificate to the certificate table after the SAM has validated it. Adding a root certificate with the untrust keyword is not allowed. To add a root certificate, you must use the trust keyword.
Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release        Modification
Release 2.0    This command was introduced on the Cisco CRS-1.
Release 3.0    No modification.
Release 3.2    This command was supported on the Cisco XR 12000 Series Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

For security reasons, the sam add certificate command can be issued only from the console or auxiliary port of the networking device; the command cannot be issued from a Telnet connection to any other interface on the networking device.

The certificate must be copied to the network device before it can be added to the certificate table. If the certificate is already present in the certificate table, the SAM rejects the attempt to add it.

When adding root certificates, follow these guidelines:

Only the certificate authority (CA) root certificate can be added to the root location.

To add a root certificate, you must use the trust keyword. Adding the root certificate with the untrust keyword is not allowed.

Use of the trust keyword assumes that you received the new certificate from a source that you trust, and therefore have enough confidence in its authenticity to bypass validation by the SAM. One example of acquiring a certificate from a trusted source is downloading it from a CA server (such as Cisco.com) that

Cisco IOS XR System Security Command Reference

SR-208
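
Because the trust keyword described above adds a certificate without validation by the SAM, one way to back up the "source that you trust" assumption is to compare the file's SHA-256 fingerprint with a value obtained through a separate channel before the file is copied to the router. The Python script below is an added example, not part of the Cisco reference and not a SAM feature; the function names, the sample bytes and the choice of SHA-256 are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(blob: bytes) -> bytes:
    """Return the DER bytes of a certificate file that is either PEM or DER."""
    match = PEM_RE.search(blob)
    if match is None:
        return blob  # no PEM armor: treat the file as raw DER
    # Decode only the first armored block; whitespace and newlines are dropped.
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def fingerprint(blob: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(to_der(blob)).hexdigest()


def normalize(text: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex as published out-of-band."""
    digest = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return digest


def safe_to_trust(blob: bytes, published: str) -> bool:
    """True only if the file hashes to the out-of-band fingerprint."""
    return hmac.compare_digest(fingerprint(blob), normalize(published))


# Constructed stand-in bytes, not a real certificate: the fingerprint is a
# hash over the file's DER bytes, so any byte string exercises the check.
SAMPLE_DER = bytes(range(48)) * 4
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    published = fingerprint(SAMPLE_DER).upper()
    published = ":".join(published[i:i + 2] for i in range(0, 64, 2))
    print("PEM copy matches:", safe_to_trust(SAMPLE_PEM, published))
    print("altered copy matches:", safe_to_trust(SAMPLE_DER + b"\0", published))
```

A mismatch means the file should not be added with the trust keyword until its origin has been re-checked.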