Importing Certificates
You can import the following types of certificates into the managed device:
- Server certificate signed by a trusted CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.. This includes a public and private key The part of a public-private key pair that is always kept private. The private key encrypts the signature of a message to authenticate the sender. The private key also decrypts a message that was encrypted with the public key of the sender. pair.
- CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. certificate used to validate other server or client certificates. This includes only the public key The part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient. for the certificate.
- Client certificate and public key The part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient. of client. (The public key The part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient. is used for applications such as SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. which does not support X509 certificates and requires the public key The part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient. to verify an allowed certificate.)
Certificates can be in the following formats:
- X509 PEM unencrypted
- X509 PEM encrypted with a key
- DER
- PKCS7 encrypted
- PKCS12 encrypted
You cannot export certificates from the managed device.
The following procedure describes how to import certificates into the managed device:
- In the node hierarchy, navigate to the tab
- Expand the accordion.
- In the table click +.
- For , enter a user-defined name.
- For , click to navigate to the appropriate file on your computer.
- If the certificate is encrypted, enter and repeat the passphrase.
- Select the from the drop-down list.
- Select the from the drop-down list.
- Click .
- Click .
- In the window, select the required check box and click .
The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command imports CSR Certificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate. certificates:
crypto pki-import {der|pem|pfx|pkcs12|pkcs7} {PublicCert|ServerCert|TrustedCA} <name>
The following example imports a server certificate named
crypto pki-import der ServerCert cert_20