Importing a trustpoint configuration – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 41 Configuring Digital Certificates

Configuring Digital Certificates

Importing a Trustpoint Configuration

To import a trustpoint configuration, enter the following command:

Command: crypto ca import trustpoint pkcs12

Example:

hostname(config)# crypto ca import Main pkcs12

Purpose: Imports keypairs and issued certificates that are associated with a
trustpoint configuration. The ASA prompts you to paste the text into the
terminal in base 64 format. The key pair imported with the trustpoint is
assigned a label that matches the name of the trustpoint that you create.

Note: If an ASA has trustpoints that share the same CA, you can use
only one of the trustpoints that share the CA to validate user
certificates. To control which trustpoint that shares a CA is used
for validation of user certificates issued by that CA, use the
support-user-cert-validation keyword.

Examples

The following example manually imports PKCS12 data to the trustpoint Main with the passphrase
Wh0zits:

hostname(config)# crypto ca import Main pkcs12 Wh0zits

Enter the base 64 encoded pkcs12.

End with a blank line or the word "quit" on a line by itself:

[ PKCS12 data omitted ]

quit

INFO: Import PKCS12 operation completed successfully

The following example manually imports a certificate for the trustpoint Main:

hostname(config)# crypto ca import Main certificate

% The fully-qualified domain name in the certificate will be: securityappliance.example.com

Enter the base 64 encoded certificate.

End with a blank line or the word “quit” on a line by itself

[ certificate data omitted ]

quit

INFO: Certificate successfully imported
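A pre-import check for the text pasted at the "Enter the base 64 encoded pkcs12" prompt shown above, added here as an example and not part of the Cisco guide. It assumes the paste is plain base64 of a DER PKCS#12 (PFX) file as defined in RFC 7292; check_pkcs12_paste, read_tlv and SAMPLE are names made up for this example.

```python
import base64
import binascii

# contentType OIDs RFC 7292 allows for PFX.authSafe: pkcs7-data, pkcs7-signedData
AUTHSAFE_OIDS = {bytes.fromhex("2a864886f70d010701"), bytes.fromhex("2a864886f70d010702")}

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def check_pkcs12_paste(text):
    """Validate text meant for the base 64 prompt; return a summary or raise ValueError."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    # The prompt ends input at a blank line or the word "quit", so neither may occur inside.
    if any(ln == "" or ln == "quit" for ln in lines):
        raise ValueError("blank or 'quit' line inside the data would end the paste early")
    try:
        der = base64.b64decode("".join(lines), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    tag, pfx, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one DER SEQUENCE")
    tag, version, pos = read_tlv(pfx, 0)
    if tag != 0x02 or version != b"\x03":
        raise ValueError("PFX version is not 3")
    tag, authsafe, pos = read_tlv(pfx, pos)
    tag2, oid, _ = read_tlv(authsafe, 0) if tag == 0x30 else (None, None, None)
    if tag2 != 0x06 or oid not in AUTHSAFE_OIDS:
        raise ValueError("authSafe is not a PKCS#7 data/signedData ContentInfo")
    return {"der_bytes": len(der), "has_mac": pos < len(pfx)}

def _tlv(tag, value):                      # builds the constructed sample (short lengths only)
    return bytes([tag, len(value)]) + value

# Constructed skeleton PFX with no real key or certificate inside, for demonstration only.
_content = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d010701")) + _tlv(0xA0, _tlv(0x04, b"")))
SAMPLE = base64.encodebytes(_tlv(0x30, _tlv(0x02, b"\x03") + _content)).decode()

if __name__ == "__main__":
    print(check_pkcs12_paste(SAMPLE))
```

The check covers encoding and outer structure only; it does not test the passphrase or the key and certificate inside the file.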
