ta-certificate
Syntax
ta-certificate { [import [terminal]] | import {<REMOTE-URL> | <STORAGE-URL>} }
Description
Imports a CA certificate for use in the current TA profile. The certificate must be in PEM format. The PEM data must be delimited with these lines:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
NOTE:
Only the first certificate in the PEM data is imported. Any additional certificates are ignored.
Command context
config-ta-<TA-NAME>
Parameters
[import [terminal]]
- Import the certificate by pasting at the console (the default). This form of importing is selected whether
ta-certificate
is entered without parameters or if onlyimport
is entered or ifimport terminal
is entered. Upon execution, theconfig-ta-cert
context is entered for certificate pasting. To complete certificate data entry press Control-D in your terminal program. Alternatively, the pasted certificate data can include at its end the delimiterEND_OF_CERTIFICATE
(after the-----END CERTIFICATE-----
line), making entry of Control-D unnecessary.. import <REMOTE-URL>
- Import the certificate from a file on a remote TFTP or SFTP server. The URL syntax is:
{tftp:// | sftp://<USER>@} {<IP>|<HOST>} [:<PORT>] [;blocksize=<SIZE>]/<FILE>
import <STORAGE-URL>
- Available on switch families that provide USB device file import capability, import the certificate from a file on a USB storage device inserted in the switch USB port. The URL syntax is:
usb:/<FILE>
Authority
Administrators or local user group members with execution rights for this command.
Example
Importing a certificate into the TA profile root-cert by pasting PEM-format certificate data at the console:
switch(config)# crypto pki ta-profile root-cert switch(config-ta-root-cert)# ta-certificate import terminal Paste the certificate in PEM format below, then hit enter and ctrl-D: switch(config-ta-cert)# -----BEGIN CERTIFICATE----- switch(config-ta-cert)# MIIDuTCCAqECCQCuoxeJ2ZNYcjANBgkqhkiG9w0BAQsFADCBqzELMAEBh switch(config-ta-cert)# VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNVBAcMB1JvY2tsDAKBg switch(config-ta-cert)# BAoMA0hQTjEVMBMGA1UECwwMSFBOUm9zZXZpbGxlMSowKAYDVQocG5zdz ... switch(config-ta-cert)# x3WFf3dFZ8o9sd5LVAHneH/ztb9MP34z+le1V346r12L2kpxmTOVJVyTO switch(config-ta-cert)# BIzD/ST/HaWI+0S+S80rm93PSscEbb9GWk7vshh5EnW/moehBKcE4O1zy switch(config-ta-cert)# 3LvMLZcssSe5J2Ca2XIhfDme8UaNZ7syGYMsAW0nG7yYHWkEOQu9s switch(config-ta-cert)# -----END CERTIFICATE----- switch(config-ta-cert)# The certificate you are importing has the following attributes: Issuer: C=US, ST=CA, L=Rocklin, O=Company, OU=Site, CN=site.com/emailAddress=test.ca@site.com Subject: C=US, ST=CA, L=Rocklin, O=Company, OU=Site, CN=8400/emailAddress=test.ca@site.com Serial Number: 12121221634631568498 (0xaea51217d5945772) TA certificate import is allowed only once for a TA profile Do you want to accept this certificate (y/n)? y TA certificate accepted. switch(config-ta-root-cert)#
Importing a certificate into the TA profile
root-cert2 from file
rcert2-data
on the USB device:
switch(config)# crypto pki ta-profile root-cert2 switch(config-ta-root-cert2)# ta-certificate import usb:/rcert2-data The certificate you are importing has the following attributes: Issuer: C=US, ST=California, L=Rocklin, O=Company, OU=Site, CN=site.com/emailAddress=test.ca@site.com Subject: C=US, ST=California, L=Rocklin, O=Company, OU=Site, CN=8400/emailAddress=test.ca@site.com Serial Number: 12121221634631568498 (0xaea51217d5945772) TA certificate import is allowed only once for a TA profile Do you want to accept this certificate (y/n)? y TA certificate accepted. switch(config-ta-root-cert2)#