import (self-signed leaf certificate)

Syntax

import terminal self-signed [password <PW>]
import <REMOTE-URL> self-signed [password <PW>] [vrf <VRF-NAME>]
import <STORAGE-URL> self-signed [password <PW>]

Description

Imports a self-signed leaf certificate including its matching private key.

Parameters

terminal
Import the certificate by pasting PEM-format data at the console. Executing the command enters the config-cert-import context, where the certificate data is pasted. To complete certificate data entry, press Control-D in your terminal program. Alternatively, the pasted certificate data can end with the delimiter END_OF_CERTIFICATE (after the -----END CERTIFICATE----- line), which makes entering Control-D unnecessary.
<REMOTE-URL>
Specifies a certificate data file on a remote TFTP or SFTP server. The URL syntax is:
{tftp:// | sftp://<USER>@} {<IP>|<HOST>} [:<PORT>] [;blocksize=<SIZE>]/<FILE>
<STORAGE-URL>
Specifies a certificate data file on a USB storage device inserted in the switch USB port. Available on switch families that provide USB device file import capability. The URL syntax is:
usb:/<FILE>
password <PW>
Specifies the plaintext password used to decrypt the private key in the imported certificate data. When this parameter is omitted, the switch prompts for the password as required. Range: 1 to 32 alphanumeric characters.
vrf <VRF-NAME>
Specifies the name of the VRF to use for the remote URL file transfer. The default is mgmt.

Command context

config-cert-<CERT-NAME>

Authority

Administrators or local user group members with execution rights for this command.

Usage

  • This command cannot be used with the default certificate local-cert.

  • The PEM data format is supported for all import sources. The PKCS#12 data format is supported for <REMOTE-URL> and <STORAGE-URL>.

  • The certificate data in the PEM data must be delimited with these lines:
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    The private key data in the PEM data must be delimited with either of these line pairs:
    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----
    
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    -----END ENCRYPTED PRIVATE KEY-----
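
A pre-import check for the PEM rules above, as an added example that is not part of the original page or the switch software: it verifies the delimiters listed under Usage and the password range given under Parameters before a bundle is pasted or transferred. The names check_bundle and make_sample are hypothetical; treating "alphanumeric" as ASCII letters and digits and expecting exactly one certificate block are assumptions of this example.

```python
import base64
import re

CERT_LABEL = "CERTIFICATE"
KEY_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}  # delimiters listed under Usage
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
# "1 to 32 alphanumeric characters"; ASCII-only is this example's assumption.
PASSWORD = re.compile(r"[A-Za-z0-9]{1,32}")


def check_bundle(pem_text, password=None):
    """Return a list of problems in a PEM bundle; an empty list means it passed."""
    problems = []
    blocks = PEM_BLOCK.findall(pem_text)
    for label, body in blocks:
        try:  # framing check only: the DER inside is not parsed
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
    labels = [label for label, _ in blocks]
    if labels.count(CERT_LABEL) != 1:  # assumption: one leaf, no chain
        problems.append("expected exactly one CERTIFICATE block")
    keys = [label for label in labels if label.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        problems.append("expected exactly one private key block")
    for label in keys:
        if label not in KEY_LABELS:  # e.g. traditional "RSA PRIVATE KEY"
            problems.append(f"'{label}' is not a listed key delimiter")
    if password is not None and not PASSWORD.fullmatch(password):
        problems.append("password must be 1 to 32 alphanumeric characters")
    return problems


def make_sample(key_label):
    """Constructed bundle: placeholder bytes, not real DER or key material."""
    body = base64.b64encode(b"constructed placeholder bytes " * 3).decode()
    return "".join(f"-----BEGIN {name}-----\n{body}\n-----END {name}-----\n"
                   for name in (CERT_LABEL, key_label))


if __name__ == "__main__":
    for key_label in ("ENCRYPTED PRIVATE KEY", "PRIVATE KEY", "RSA PRIVATE KEY"):
        print(key_label, "->", check_bundle(make_sample(key_label), "Passw0rd") or "ok")
```

The check covers framing only; whether the certificate is self-signed and matches the private key is still decided by the switch at import time.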

Example

Importing a self-signed leaf certificate from the console:

switch(config)# crypto pki certificate ss-leaf-cert
switch(config-cert-ss-leaf-cert)# import terminal self-signed
Paste the certificate in PEM format below, then hit enter and ctrl-D:
switch(config-cert-import)# -----BEGIN CERTIFICATE-----
switch(config-cert-import)# MIID2TCCAsGgAwIBAgIJAKcrqokm6p9GMA0GCSqGSIb3DQEBCwUAM
switch(config-cert-import)# tDCCA5ygAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgYgxCzABAYTAl
switch(config-cert-import)# VQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgNVBAcMBFJvc2UxDDAKB
...
switch(config-cert-import)# +fWQLxhp+jKJGZGOZz/FENt2uSfZHzlXiu8n3g+EgqExenY1pBRJr
switch(config-cert-import)# VuEEoNb/YfkPXHHva4Zfx223q+f694wlVsHkENSzqr2goHpa2fOzq
switch(config-cert-import)# alewwdmVqCES+x8bvhf3C/6IB6ePkEsnMlHNTeM=
switch(config-cert-import)# -----END CERTIFICATE-----
switch(config-cert-import)# -----BEGIN ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIt8Ni3
switch(config-cert-import)# MBQGCCqGSIb3DQMHBAiBHrejkcdpdASCBMjVxrrYYPNt3V1abr9k8
switch(config-cert-import)# 5GE0U99awh9ys4360WR95xOFGThvjkTyRWG511nGwVeLZs/7TPXWI
...
switch(config-cert-import)# hzc5ZT/w2F08icRI5mFbGoTAAw9IIWMOXGweaWQJDyKGrhg89GrnV
switch(config-cert-import)# M2UuP/tYuuO328QcenKZEJmZKCbx78oFRR+pgma4oeMaFTIyXE6Pr
switch(config-cert-import)# GAdCK8tkDiJ9DKbqdM5W0/nTJfqwUQlfl27dNrBAodsHdrw3UR99H
switch(config-cert-import)# SPo=
switch(config-cert-import)# -----END ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# 
Enter import password: *******
Leaf certificate is validated as self-signed certificate and imported successfully.
switch(config-cert-ss-leaf-cert)# 

Importing a leaf certificate from a remote file:

switch(config)# crypto pki certificate ss-leaf-cert2
switch(config-cert-ss-leaf-cert2)# import tftp://1.1.1.2/ss2.p12 self-signed
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3230  100  3230    0     0   875k      0 --:--:-- --:--:-- --:--:--  875k
100  3230  100  3230    0     0   831k      0 --:--:-- --:--:-- --:--:--  831k
Enter import password: *******
Leaf certificate is validated as self-signed certificate and imported successfully.
8320(config-cert-ss-leaf-cert2)#